Command injection

An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controllerserver service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to...

Command injection

An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controllerserver service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet t...

Gryphon Tower 操作系统命令注入漏洞

A command injection vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a failure to properly filter user input for special characters, commands, etc. in the parameters of operation 49 in the controllerserver service on the router. An unauthenticate...

Gryphon Tower 操作系统命令注入漏洞

The Gryphon Tower is a wireless router from Gryphon. A command injection vulnerability exists in Gryphon Tower, which originates from the failure of the parameters of operation 32 in the controllerserver service on the router to correctly filter special characters, commands, etc. entered by the...

Gryphon Tower 操作系统命令注入漏洞

Gryphon Tower is a wireless router from Gryphon, Inc. A command injection vulnerability exists in Gryphon Tower, which stems from the failure to properly filter user input for special characters, commands, etc. in the controllerserver service on the router, which could be exploited by a remote,...

Gryphon Tower 操作系统命令注入漏洞

A command injection vulnerability exists in Gryphon Tower, a wireless router from Gryphon, which stems from a failure to properly filter user input for special characters, commands, etc. in the parameters of operation 10 in the controllerserver service on the router. An unauthenticated, remote...

CVE-2020-11922

An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...

Design/Logic Flaw

An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...

CVE-2020-11922

An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...

WiZ Connected WiZ Colors A60 信息泄露漏洞

WiZ Connected WiZ Colors A60 is a smart LED light from the Chinese company WiZ Connected. An information disclosure vulnerability exists in WiZ Colors A60 version 1.14.0, which stems from the device sending unnecessary information to the cloud controller server. No details of the vulnerability ar...

PT-2021-9428 · Unknown · Wiz Colors A60

Name of the Vulnerable Software and Affected Versions: WiZ Colors A60 version 1.14.0 Description: An issue was discovered where the device sends unnecessary information to the cloud controller server, including the local IP address and the SSID of the Wi-Fi network it is connected to. Although th...