86 matches found
CVE-2022-28910
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName...
Command injection
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName...
Design/Logic Flaw
D-Link DAP-1330OSS-firmware1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings...
CVE-2022-28910
Summary (CVE-2022-28910) : A command injection vulnerability exists in TOTOLink N600R router due to the devicename parameter in the API endpoint /setting/setDeviceName . The issue, observed in version V5.3c.7159_B20190425, could allow an unauthenticated or remote attacker to inject and execute ar...
CVE-2022-28910
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName...
CVE-2022-29329
CVE-2022-29329 affects D-Link DAP-1330 OSS firmware 1.00b21. A heap overflow is triggered by the devicename parameter in /goform/setDeviceSettings. The issue is described across multiple sources (NVD/Red Hat/CVE listings) as a heap-based vulnerability in the device settings endpoint, with network...
TOTOLINK N600R 操作系统命令注入漏洞
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the devicename parameter in /etting/setDeviceName...
CVE-2022-26212
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...
CVE-2022-25550
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service DoS via the deviceName parameter...
Tenda AX1806 缓冲区错误漏洞
The Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AX1806 saveParentControlInfo function, which can be exploited by an attacker to cause a Denial of Service DoS via the deviceName parameter...
CVE-2022-25550
The vulnerability CVE-2022-25550 affects the Tenda AX1806 (v1.0.0.1). A stack overflow in the saveParentControlInfo function can be triggered via the deviceName parameter, enabling a Denial of Service (DoS). The CVSS suggests HIGH impact with network access, low attack complexity, and no user int...
CVE-2022-25550
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service DoS via the deviceName parameter...
CVE-2021-38411
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code...
Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability
Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter...
CVE-2020-36489
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...
CVE-2020-36502
Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting XSS vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself...
Cross site scripting
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...
Delta Electronics DiaLink 跨站脚本漏洞
DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...
VulnCheck KEV: CVE-2020-10987
Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter...
Tenda AC15 AC1900 Remote Code Execution Vulnerability
Tenda AC15 AC1900 is a wireless router from Tenda, a Chinese company. A remote code execution vulnerability exists in the goform/setUsbUnload endpoint in the Tenda AC15 AC1900 version 15.03.05.19, which can be exploited to execute arbitrary system commands via the deviceName POST parameter...