Lucene search
K

33 matches found

Cvelist
Cvelist
added yesterday14 views

CVE-2026-4769 Unauthenticated Access to Internal Diagnostic Interface

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS0.00447EPSS
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-4769

The affected product family is WAGO System I/O Field series devices. The CVE describes an undocumented internal diagnostic capability that activates during the initial startup sequence and remains accessible without authentication for a brief window in the early boot phase. During this window, an...

9.8CVSS6.1AI score0.00447EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:49 a.m.6 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS6AI score0.00227EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/07 3:49 a.m.6 views

EUVD-2026-42002

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS6AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 3:58 p.m.42 views

CVE-2026-5511 Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72

In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...

4.6CVSS0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 3:58 p.m.10 views

CVE-2026-5511 Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72

In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...

4.6CVSS5.8AI score0.00216EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 3:58 p.m.35 views

CVE-2026-5511

The CVE-2026-5511 entry affects TP-Link Archer AX72 (SG) in its web management interface. The network diagnostic feature improperly handles invalid input, allowing an authenticated administrator to confirm the diagnostic utility’s presence and view its valid command-line syntax and options. The i...

4.6CVSS5.8AI score0.00216EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/23 1:16 p.m.15 views

CVE-2026-31847

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...

8.8CVSS0.00424EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/23 12:7 p.m.5 views

CVE-2026-31847 Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...

8.5CVSS5.9AI score0.00424EPSS
Exploits0References2
CVE
CVE
added 2026/03/23 12:7 p.m.15 views

CVE-2026-31847

CVE-2026-31847 concerns Nexxt Solutions Nebula 300+ devices running firmware up to 12.01.01.37. A hidden functionality in the /goform/setSysTools endpoint can remotely enable Telnet, which then exposes a privileged diagnostic management interface over the network. This increases attack surface an...

8.8CVSS5.9AI score0.00424EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.4 views

PT-2026-27114

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface...

8.5CVSS5.8AI score0.00424EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/12/16 10:21 a.m.251 views

Exploit for CVE-2025-67780

MARMALADE 2/CVE-2025-67780 Exploit PoC Exploit PoCs for MARM...

4.2CVSS7.6AI score0.00153EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.6 views

PT-2025-44921

Name of the Vulnerable Software and Affected Versions Core Services affected versions not specified Description An information disclosure issue exists when registering commands from clients using diag through diagHal. The issue involves a buffer over-read. Recommendations At the moment, there is ...

6.1CVSS6.5AI score0.00077EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-2994

Malware in sbrugna...

9.3CVSS6.4AI score0.03742EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19399

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.01512EPSS
Exploits1References3
NVD
NVD
added 2025/08/01 9:15 p.m.5 views

CVE-2013-10059

An authenticated OS command injection vulnerability exists in various D-Link routers tested on DIR-615H1 running firmware version 8.04 via the toolsvct.htm endpoint. The web interface fails to sanitize input passed from the pingipaddr parameter to the toolsvct.htm diagnostic interface, allowing...

8.6CVSS0.1911EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/01 8:38 p.m.3 views

CVE-2013-10059 D-Link Routers tools_vct.htm OS Command Injection

An authenticated OS command injection vulnerability exists in various D-Link routers tested on DIR-615H1 running firmware version 8.04 via the toolsvct.htm endpoint. The web interface fails to sanitize input passed from the pingipaddr parameter to the toolsvct.htm diagnostic interface, allowing...

8.6CVSS7.6AI score0.1911EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/01 8:38 p.m.76 views

CVE-2013-10059 D-Link Routers tools_vct.htm OS Command Injection

An authenticated OS command injection vulnerability exists in various D-Link routers tested on DIR-615H1 running firmware version 8.04 via the toolsvct.htm endpoint. The web interface fails to sanitize input passed from the pingipaddr parameter to the toolsvct.htm diagnostic interface, allowing...

8.6CVSS0.1911EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 8:6 a.m.6 views

CVE-2024-22387

External Control of Critical State Data CWE-642 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher...

6.8CVSS6.5AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 a.m.9 views

CVE-2019-14021

Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lack of check for filename length and payload size received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in...

7.8CVSS7.4AI score0.00202EPSS
Exploits0References1
Rows per page
Query Builder