
15 matches found

Positive Technologies
added 2026/01/08 12:00 a.m. · 2 views

PT-2026-1921

Name of the Vulnerable Software and Affected Versions: KAYSUS KS-WR3600 router version 1.0.5.9.1. Description: KAYSUS KS-WR3600 routers with firmware version 1.0.5.9.1 have a configuration management issue. An attacker with an active user session can query the backup endpoint and download a full...

8.8 CVSS · 6.6 AI score · 0.0006 EPSS
Exploits 1 · References 10

CNNVD
added 2026/01/08 12:00 a.m. · 1 view

KAYSUS KS-WR3600 Security Vulnerability

The KAYSUS KS-WR3600 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR3600 version 1.0.5.9.1, which stems from improper configuration management and could allow an attacker to download a full configuration archive containing sensitive files...

8.8 CVSS · 6.5 AI score · 0.0006 EPSS
Exploits 1 · References 3

Vulnrichment
added 2026/01/08 12:00 a.m. · 8 views

CVE-2025-68719

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow,...

6.4 AI score · 0.0006 EPSS
Exploits 1 · References 3

EUVD
added 2025/11/27 12:30 a.m. · 3 views

EUVD-2019-19377

Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/syssystemconfig management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. T...

8.7 CVSS · 6.3 AI score · 0.00402 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-5908

Malware in sbrugna...

9.8 CVSS · 9.5 AI score · 0.00975 EPSS
Exploits 0 · References 2

GitHub Security Blog
added 2022/05/24 5:00 p.m. · 14 views

Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload. As...

7.2 CVSS · 7.3 AI score · 0.01199 EPSS
Exploits 0 · References 8 · Affected Software 2

OSV
added 2021/12/15 8:15 p.m. · 2 views

CVE-2021-27857

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname o...

7.5 CVSS · 5.7 AI score · 0.00503 EPSS
Exploits 1 · References 3

Prion
added 2021/12/15 8:15 p.m. · 11 views

Authorization

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname o...

4.3 CVSS · 7.5 AI score · 0.00503 EPSS
Exploits 1 · References 3 · Affected Software 3

CVE
added 2021/12/15 4:14 p.m. · 36 views

CVE-2021-27857

CVE-2021-27857 describes a missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN. Before versions 10.1.2r60p91 and 10.2.2r42, remote unauthenticated attackers can download a configuration archive, with the hostname used as part of the file name. Old...

7.5 CVSS · 7.5 AI score · 0.00503 EPSS
Exploits 1 · References 3 · Affected Software 1

Prion
added 2021/01/20 8:15 p.m. · 20 views

Design/Logic Flaw

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear...

4 CVSS · 6.3 AI score · 0.00108 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/01/20 7:57 p.m. · 20 views

CVE-2021-1265 Cisco DNA Center Information Disclosure Vulnerability

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear...

7.7 CVSS · 6.5 AI score · 0.00108 EPSS
Exploits 0 · References 1

Cisco
added 2021/01/20 4:00 p.m. · 54 views

Cisco DNA Center Information Disclosure Vulnerability

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear...

7.7 CVSS · 6.5 AI score · 0.00108 EPSS
Exploits 0 · References 1

Positive Technologies
added 2021/01/20 12:00 a.m. · 4 views

PT-2021-1811 · Cisco · Cisco Dna Center

Name of the Vulnerable Software and Affected Versions: Cisco DNA Center affected versions not specified Description: The issue is related to the configuration archive functionality, where confidential information is stored unencrypted. This could allow a remote attacker to gain unauthorized acces...

7.7 CVSS · 6.7 AI score · 0.00108 EPSS
Exploits 0 · References 4

NVD
added 2019/11/05 11:15 p.m. · 11 views

CVE-2019-8114

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload...

7.2 CVSS · 7.4 AI score · 0.01199 EPSS
Exploits 0 · References 1

OSV
added 2019/11/05 11:15 p.m. · 13 views

CVE-2019-8114

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload...

7.2 CVSS · 8.1 AI score
Exploits 0 · References 1