9794 matches found
CVE-2021-27250
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue result...
Stack overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When...
CVE-2021-27250
Summary (CVE-2021-27250) : Affected product is D-Link DAP-2020 Wi‑Fi access points (v1.01rc001). The flaw is in CGI script handling, specifically when parsing the errorpage parameter; the process does not validate a user-supplied path before using it in file operations, enabling a network-adjacen...
CVE-2021-27250
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When...
CVE-2021-27249
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue result...
CVE-2021-27248
CVE-2021-27248 affects D-Link DAP-2020 v1.01rc001. The vulnerability is a stack-based buffer overflow in the webproc CGI handling of the getpage parameter, where the length of user data is not properly validated before copying to a fixed-length stack buffer. This allows network-adjacent, unauthen...
CVE-2021-27248
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...
The vulnerability of QTS web servers for operating systems and QNAP network storage devices allows a hacker to execute arbitrary code.
The vulnerability of the QTS web server for operating systems and QNAP network storage devices is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via CGI scripts from the /mnt/HDAROOT/home/httpd/cgi-bin...
D-Link DAP-1880AC OS Command Execution Vulnerability
The D-Link DAP-1880AC is a wireless access point from AUO D-Link of Taiwan, China. It provides to build a simultaneous dual-band wireless network that enables a wide range of wireless areas in the 2.4GHz and 5GHz bands. A command injection vulnerability exists in DAP-1880AC firmware version 1.2.1...
CVE-2020-24285
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx...
CVE-2020-24285
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx...
Intelbras TIP 200 信息泄露漏洞
Intelbras TIP 200 is an IP phone product from Intelbras, Brazil. The device is an IP terminal that supports up to two SIP accounts and has features such as high voice quality HD Voice, LCD 2x15, and power PoE Power over Ethernet. An information disclosure vulnerability exists in INTELBRAS TELEFON...
VulnCheck KEV: CVE-2013-1599
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04US, DCS-2102/2121 1.05RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410...
VulnCheck KEV: CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...
CVE-2021-25328
Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service DoS or possible code execution on the device...
CVE-2021-25328
The CVE-2021-25328 vulnerability affects Skyworth Digital Technology RN510 firmware v3.1.0.4. It is a buffer overflow in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to that endpoint, potentially causing a denial of service or executing code on the dev...
PT-2021-16521 · Skyworth Digital Technology · Rn510
Name of the Vulnerable Software and Affected Versions: Skyworth Digital Technology RN510 version 3.1.0.4 Description: The issue is related to an incorrect access control vulnerability in the /cgi-bin/test version.asp endpoint. If Wi-Fi is connected and an unauthenticated user visits a specific UR...
Rust 缓冲区错误漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in Rust outercgi crate versions prior to 0.2.1, which originates when a user-supplied Read instance receives an uninitialized memory buffer from a KeyValueReader. No detail...