Lucene search
K

86 matches found

OSV
OSV
added 2022/05/10 2:15 p.m.4 views

CVE-2022-28910

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName...

9.8CVSS7.3AI score0.02463EPSS
Exploits1References1
Prion
Prion
added 2022/05/10 2:15 p.m.17 views

Command injection

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName...

10CVSS9.7AI score0.02463EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/05/10 2:15 p.m.16 views

Design/Logic Flaw

D-Link DAP-1330OSS-firmware1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings...

10CVSS9.6AI score0.13319EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/05/10 1:17 p.m.94 views

CVE-2022-28910

Summary (CVE-2022-28910) : A command injection vulnerability exists in TOTOLink N600R router due to the devicename parameter in the API endpoint /setting/setDeviceName . The issue, observed in version V5.3c.7159_B20190425, could allow an unauthenticated or remote attacker to inject and execute ar...

10CVSS9.8AI score0.02463EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/05/10 1:17 p.m.36 views

CVE-2022-28910

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName...

10AI score0.02463EPSS
Exploits1References1
CVE
CVE
added 2022/05/10 1:16 p.m.65 views

CVE-2022-29329

CVE-2022-29329 affects D-Link DAP-1330 OSS firmware 1.00b21. A heap overflow is triggered by the devicename parameter in /goform/setDeviceSettings. The issue is described across multiple sources (NVD/Red Hat/CVE listings) as a heap-based vulnerability in the device settings endpoint, with network...

10CVSS9.6AI score0.13319EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.3 views

TOTOLINK N600R 操作系统命令注入漏洞

TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the devicename parameter in /etting/setDeviceName...

10CVSS8.5AI score0.02463EPSS
Exploits1References2
OSV
OSV
added 2022/03/15 10:15 p.m.2 views

CVE-2022-26212

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...

9.8CVSS7.5AI score0.02806EPSS
Exploits1References1
NVD
NVD
added 2022/03/10 5:47 p.m.23 views

CVE-2022-25550

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service DoS via the deviceName parameter...

7.8CVSS0.01219EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.4 views

Tenda AX1806 缓冲区错误漏洞

The Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AX1806 saveParentControlInfo function, which can be exploited by an attacker to cause a Denial of Service DoS via the deviceName parameter...

7.8CVSS5.8AI score0.01219EPSS
Exploits1References2
CVE
CVE
added 2022/03/09 6:27 p.m.113 views

CVE-2022-25550

The vulnerability CVE-2022-25550 affects the Tenda AX1806 (v1.0.0.1). A stack overflow in the saveParentControlInfo function can be triggered via the deviceName parameter, enabling a Denial of Service (DoS). The CVSS suggests HIGH impact with network access, low attack complexity, and no user int...

7.8CVSS7.6AI score0.01219EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/09 6:27 p.m.24 views

CVE-2022-25550

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service DoS via the deviceName parameter...

7.8AI score0.01219EPSS
Exploits1References1
OSV
OSV
added 2021/11/03 8:15 p.m.5 views

CVE-2021-38411

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code...

4.8CVSS5.8AI score
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.22 views

Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter...

10CVSS9.3AI score0.79673EPSS
In wildExploits2
OSV
OSV
added 2021/10/22 8:15 p.m.5 views

CVE-2020-36489

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...

5.4CVSS6.2AI score0.00551EPSS
Exploits1References1
OSV
OSV
added 2021/10/22 8:15 p.m.5 views

CVE-2020-36502

Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting XSS vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself...

6.1CVSS5.9AI score0.00702EPSS
Exploits1References1
Prion
Prion
added 2021/10/22 8:15 p.m.8 views

Cross site scripting

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...

3.5CVSS5.3AI score0.00551EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/10/21 12:0 a.m.4 views

Delta Electronics DiaLink 跨站脚本漏洞

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

5.5CVSS5.7AI score0.00604EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2020/11/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-10987

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter...

10CVSS7.6AI score0.79673EPSS
Exploits2References1
CNVD
CNVD
added 2020/07/14 12:0 a.m.2 views

Tenda AC15 AC1900 Remote Code Execution Vulnerability

Tenda AC15 AC1900 is a wireless router from Tenda, a Chinese company. A remote code execution vulnerability exists in the goform/setUsbUnload endpoint in the Tenda AC15 AC1900 version 15.03.05.19, which can be exploited to execute arbitrary system commands via the deviceName POST parameter...

10CVSS9.9AI score0.79673EPSS
Exploits2References1
Rows per page
Query Builder