48 matches found
CVE-2026-8888
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...
CVE-2026-8888
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...
CVE-2026-8888 CVE-2026-8888
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...
EUVD-2026-34168
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...
CVE-2026-8888
The CVE-2026-8888 entry applies to the Securly Chrome Extension (v3.0.7). It downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation, enabling an on-path attacker to inject patterns that cause catastrop...
PT-2026-46053
Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions using the new RegExp function without complexity validation. An on-path...
Exploit for CVE-2022-30075
TP-L-NK-SIZMA-EXPLO-T TP-Link Router Authenticated RCE Exploit...
CVE-2026-27514
The CVE-2026-27514 entry affects Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi. The vulnerability is in the configuration download functionality, where the response exposes the router password and administrative password in plaintext. Additionally, the response lacks proper Cache-...
PT-2026-21532
Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The router firmware contains a flaw where the configuration download feature reveals the router password and administrative password in plaintext. The response...
CVE-2021-47802
CVE-2021-47802 affects Tenda D151 and D301 routers. The issue is an unauthenticated configuration download vulnerability reachable via /goform/getimage, permitting remote attackers to retrieve router configuration data, including admin credentials. The provided connected sources corroborate the v...
CVE-2023-53896 D-Link DAP-1325 Hardware A1 Unauthenticated Configuration Download
D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...
CVE-2023-53770
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...
CVE-2025-29514
Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...
CVE-2023-22636
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request...
Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a...
ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script. ABB Cyl...
ABB Cylon Aspect 3.08.01 (mapConfigurationDownload.php) Config Download
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated...
PT-2024-26442 · Anpviz · Anpviz
Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower Description: The issue allows unauthenticated users to download the running configuration of the device via a HTTP GET request to "/ConfigFile.ini" or "/config.xml" URIs. This configuration file...
Exploit for Improper Authentication in Hikvision Ds-2Cd2032-I_Firmware
cve-2017-7921-Mass-Exploit Mass Config Download python3 dow...
CVE-2023-6940
with only one user interactiondownload a malicious config, attackers can gain full command execution on the victim system...