CVE-2020-10987

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter...

PT-2020-4297 · Tenda · Tenda Ac15 Ac1900

Name of the Vulnerable Software and Affected Versions: Tenda AC15 AC1900 version 15.03.05.19 Description: The issue is related to insufficient neutralization of special elements, allowing remote attackers to execute arbitrary system commands. This can be achieved via the "deviceName" POST paramet...

CVE-2020-12131

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter shown next to the UI logo...

CVE-2020-12131

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter shown next to the UI logo...

Advantech WebAccess/NMS MibBrowser SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the handleTargetsByDeviceName method of the...

PT-2018-17947

Name of the Vulnerable Software and Affected Versions Kentico versions 9 through 11 Description A Reflected Cross-Site Scripting issue allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link entered through specific screens, including "Pages - Edit...