3858 matches found
CVE-2024-47131
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code...
CVE-2024-6003
A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...
CVE-2024-42417
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script HandlerCFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product...
CVE-2024-4548
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...
CVE-2024-4549
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system...
CVE-2024-4547
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...
CVE-2024-4192
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...
CVE-2024-39605
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code...
CVE-2024-39880
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the curren...
CVE-2024-39354
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code...
TOTOLINK X5000R switch parameter command injection vulnerability in the setScheduleCfg function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the failure of the "switch" parameter in setScheduleCfg to correctly filter for constructor command special...
TOTOLINK X5000R setVpnAccountCfg function pass parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "pass" parameter in setVpnAccountCfg failing to correctly filter constructor special characters, commands,...
TOTOLINK X5000R sHour Parameter Command Injection Vulnerability in the setWiFiScheduleCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "sHour" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...
TOTOLINK X5000R setScheduleCfg function week parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the failure of the "week" parameter in setScheduleCfg to correctly filter for constructed command special...
TOTOLINK X5000R setVpnAccountCfg function user parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "user" parameter in setVpnAccountCfg failing to properly filter constructed command special characters, commands, etc. This vulnerability...
TOTOLINK X5000R setScheduleCfg function's hour parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "hour" parameter in setScheduleCfg failing to correctly filter constructed command special characters,...
CISA Releases Twelve Industrial Control Systems Advisories
CISA released twelve Industrial Control Systems ICS advisories on January 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-016-01 Siemens Mendix LDAP ICSA-25-016-02 Siemens Industrial Edge Management...
Delta Electronics DRASimuCAD (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to...
SUSE CVE-2022-49035
In the Linux kernel, the following vulnerability has been resolved: media: s5pcec: limit msg.len to CECMAXMSGSIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case...
CVE-2024-12836
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the...