Lucene search
K

9794 matches found

NVD
NVD
added 2021/04/14 4:15 p.m.20 views

CVE-2021-27250

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When...

6.5CVSS0.66045EPSS
Exploits0References2
Prion
Prion
added 2021/04/14 4:15 p.m.18 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue result...

8.3CVSS8.8AI score0.05089EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/04/14 4:15 p.m.17 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...

8.3CVSS8.8AI score0.026EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/04/14 4:15 p.m.23 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When...

3.3CVSS6.2AI score0.66045EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/04/14 3:45 p.m.76 views

CVE-2021-27250

Summary (CVE-2021-27250) : Affected product is D-Link DAP-2020 Wi‑Fi access points (v1.01rc001). The flaw is in CGI script handling, specifically when parsing the errorpage parameter; the process does not validate a user-supplied path before using it in file operations, enabling a network-adjacen...

6.5CVSS6.4AI score0.66045EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/14 3:45 p.m.21 views

CVE-2021-27250

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When...

6.5CVSS6.9AI score0.66045EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/04/14 3:45 p.m.16 views

CVE-2021-27249

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue result...

8.8CVSS9AI score0.05089EPSS
Exploits0References2
CVE
CVE
added 2021/04/14 3:45 p.m.75 views

CVE-2021-27248

CVE-2021-27248 affects D-Link DAP-2020 v1.01rc001. The vulnerability is a stack-based buffer overflow in the webproc CGI handling of the getpage parameter, where the length of user data is not properly validated before copying to a fixed-length stack buffer. This allows network-adjacent, unauthen...

8.8CVSS8.8AI score0.026EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/14 3:45 p.m.21 views

CVE-2021-27248

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...

8.8CVSS9AI score0.026EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/04/14 12:0 a.m.4 views

The vulnerability of QTS web servers for operating systems and QNAP network storage devices allows a hacker to execute arbitrary code.

The vulnerability of the QTS web server for operating systems and QNAP network storage devices is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via CGI scripts from the /mnt/HDAROOT/home/httpd/cgi-bin...

10CVSS6AI score
Exploits0References1
CNVD
CNVD
added 2021/04/13 12:0 a.m.5 views

D-Link DAP-1880AC OS Command Execution Vulnerability

The D-Link DAP-1880AC is a wireless access point from AUO D-Link of Taiwan, China. It provides to build a simultaneous dual-band wireless network that enables a wide range of wireless areas in the 2.4GHz and 5GHz bands. A command injection vulnerability exists in DAP-1880AC firmware version 1.2.1...

9CVSS7.9AI score0.02399EPSS
Exploits0References1
OSV
OSV
added 2021/04/12 11:15 a.m.6 views

CVE-2020-24285

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx...

7.5CVSS7.2AI score0.03943EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/04/12 10:49 a.m.24 views

CVE-2020-24285

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx...

7.3AI score0.03943EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/04/12 12:0 a.m.7 views

Intelbras TIP 200 信息泄露漏洞

Intelbras TIP 200 is an IP phone product from Intelbras, Brazil. The device is an IP terminal that supports up to two SIP accounts and has features such as high voice quality HD Voice, LCD 2x15, and power PoE Power over Ethernet. An information disclosure vulnerability exists in INTELBRAS TELEFON...

7.5CVSS7.6AI score0.03943EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2013-1599

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04US, DCS-2102/2121 1.05RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410...

10CVSS7.3AI score0.40353EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-0232

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...

9.3CVSS7.4AI score0.99652EPSS
Exploits9References1
NVD
NVD
added 2021/04/09 1:15 p.m.28 views

CVE-2021-25328

Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service DoS or possible code execution on the device...

8.8CVSS0.03942EPSS
Exploits3References3
CVE
CVE
added 2021/04/09 12:19 p.m.85 views

CVE-2021-25328

The CVE-2021-25328 vulnerability affects Skyworth Digital Technology RN510 firmware v3.1.0.4. It is a buffer overflow in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to that endpoint, potentially causing a denial of service or executing code on the dev...

8.8CVSS8.8AI score0.03942EPSS
Exploits3References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/09 12:0 a.m.7 views

PT-2021-16521 · Skyworth Digital Technology · Rn510

Name of the Vulnerable Software and Affected Versions: Skyworth Digital Technology RN510 version 3.1.0.4 Description: The issue is related to an incorrect access control vulnerability in the /cgi-bin/test version.asp endpoint. If Wi-Fi is connected and an unauthenticated user visits a specific UR...

5.4CVSS5.4AI score0.01486EPSS
Exploits3References7
CNNVD
CNNVD
added 2021/04/07 12:0 a.m.5 views

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in Rust outercgi crate versions prior to 0.2.1, which originates when a user-supplied Read instance receives an uninitialized memory buffer from a KeyValueReader. No detail...

9.8CVSS5.9AI score0.011EPSS
Exploits0References2
Rows per page
Query Builder