Lucene search
+L

439 matches found

OSV
OSV
added 2026/02/03 3:15 a.m.5 views

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

3.7CVSS5.9AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 3:15 a.m.11 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS0.00206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 2:26 a.m.5 views

CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 2:26 a.m.10 views

EUVD-2026-5285

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 2:19 a.m.7 views

CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS5.5AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 2:19 a.m.36 views

CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS0.00206EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 2:19 a.m.10 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS5.5AI score0.00206EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.14 views

ASUSTOR ADM 安全漏洞

ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the use of insecure HTTP connections in the...

6.3CVSS7.1AI score0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.16 views

PT-2026-6970

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A security issue exists in the DDNS Service component of D-Link DIR-823X version 250416. The issue relates to the processing of the /goform/set ddns file. Manipulation of the ddnsType, ddnsDomainName,...

9CVSS5.7AI score0.04317EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.28 views

CVE-2024-39229

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to...

6.5CVSS6.8AI score0.00179EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/26 3:3 p.m.17 views

CVE-2025-15081

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub4780 of the file /jdcapi. Such manipulation of the argument ddnsname leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

6.5CVSS6.6AI score0.02347EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/25 3:2 p.m.6 views

EUVD-2025-205379

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub4780 of the file /jdcapi. Such manipulation of the argument ddnsname leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

6.5CVSS6.2AI score0.02347EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/25 3:2 p.m.4 views

CVE-2025-15081 JD Cloud BE6500 jdcapi sub_4780 command injection

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub4780 of the file /jdcapi. Such manipulation of the argument ddnsname leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

6.5CVSS6.4AI score0.02347EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/25 12:0 a.m.7 views

PT-2025-53404

Name of the Vulnerable Software and Affected Versions JD Cloud BE6500 version 4.4.1.r4308 Description A command injection issue exists in JD Cloud BE6500 version 4.4.1.r4308. The issue is located in the /jdcapi file and affects the sub 4780 function. Manipulation of the ddns name argument can lea...

6.5CVSS7.1AI score0.02347EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/12/25 12:0 a.m.10 views

JD Cloud BE6500 命令注入漏洞

The JD Cloud BE6500 is a WiFi router from the Chinese company Jingdong JD. A command injection vulnerability exists in the JD Cloud BE6500 version 4.4.1.r4308, which stems from misuse of the parameter ddnsname of the function sub4780 in the file /jdcapi, which could lead to a command injection...

6.5CVSS6.8AI score0.02347EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/23 12:0 a.m.32 views

CVE-2025-29229

linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus...

0.01134EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/23 12:30 p.m.7 views

EUVD-2025-198565

A flaw has been found in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used...

9CVSS6.3AI score0.00676EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/11/23 11:2 a.m.6 views

CVE-2025-13547 D-Link DIR-822K/DWR-M920 formDdns memory corruption

A flaw has been found in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used...

9CVSS6.5AI score0.00676EPSS
Exploits1References7
Rockylinux
Rockylinux
added 2025/11/21 6:19 p.m.5 views

kea security update

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list DHCP implementation from Internet Systems Consortium, Inc. that features fully...

7.5CVSS6.9AI score0.00387EPSS
Exploits0
OSV
OSV
added 2025/11/13 6:15 p.m.6 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

7.3CVSS6.2AI score0.0382EPSS
Exploits1References4
Rows per page
Query Builder