3858 matches found
DIAEnergie 1.10 SQL Injection
class MetasploitModule 'DIAEnergie SQL Injection CVE-2024-4548', 'Description' = %q SQL injection vulnerability in DIAEnergie MSFLICENSE, 'Author' = 'Michael Heinzl', MSF exploit 'Tenable' Discovery & PoC , 'References' = 'URL', 'https://www.tenable.com/security/research/tra-2024-13', 'CVE',...
DIAEnergie 1.10 SQL Injection Exploit
This Metasploit module exploit a remote SQL injection vulnerability in the CBEC service of DIAEnergie versions 1.10 and below from Delta Electronics. The commands will get executed in the context of NT AUTHORITY\SYSTEM. class MetasploitModule 'DIAEnergie SQL Injection CVE-2024-4548', 'Description...
DIAEnergie SQL Injection (CVE-2024-4548)
SQL injection vulnerability in DIAEnergie use exploit/windows/scada/diaenergiesqli msf exploitdiaenergiesqli show targets ...targets... msf exploitdiaenergiesqli set TARGET msf exploitdiaenergiesqli show options ...show and set options... msf exploitdiaenergiesqli exploit class MetasploitModule...
Command Execution Vulnerability in the Management Server of itC Center of Guangdong Paulan Electronics Company Limited (CNVD-2024-41253)
Guangzhou Paulun Electronic Co., Ltd. is a company mainly engaged in public broadcasting, campus broadcasting, conference system, paperless system, recording and broadcasting system, intelligent campus, stage lighting, LED big screen, landscape lighting and other projects. There is a command...
TOTOLINK X5000R setLedCfg Function OS Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setLedCfg function in the file /cgi-bin/cstecgi.cgi that fails to properly filter...
TOTOLINK X5000R addBlacklist Function OS Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the addBlacklist function in the file /cgi-bin/cstecgi.cgi failing to properly filter...
TOTOLINK X5000R Operating System Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. An attacker can exploit this vulnerability by sending malicious packets to execute arbitrary commands...
TOTOLINK X5000R OS Command Injection Vulnerability (CNVD-2024-36351)
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. An attacker can exploit this vulnerability by sending malicious packets to execute arbitrary commands...
TOTOLINK LR350 Access Control Error Vulnerability
TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK LR350 suffers from an Access Control Error vulnerability that originates from an Access Control Error vulnerability contained in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability are provid...
TOTOLINK X5000R setWiFiWpsCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setWiFiWpsCfg method of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special...
TOTOLINK X5000R setWanIeCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setWanIeCfg method of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special...
TOTOLINK X5000R setUrlFilterRules Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setUrlFilterRules method of /cgi-bin/cstecgi.cgi failing to properly filter constructed command...
TOTOLINK X5000R setUPnPCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setUPnPCfg method of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special...
TOTOLINK X5000R setSyslogCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setSyslogCfg method of /cgi-bin/cstecgi.cgi failing to properly filter construct command special...
TOTOLINK X5000R setL2tpServerCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setL2tpServerCfg method of /cgi-bin/cstecgi.cgi failing to properly filter constructed command speci...
TOTOLINK A3700R ssid parameter buffer overflow vulnerability
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3700R v9.1.2u.5822B20200513, which stems from the ssid parameter of the setWizardCfg function failing to correctly validate the length and size of the input dat...
TOTOLINK A3002R Buffer Overflow Vulnerability (CNVD-2024-35649)
TOTOLINK A3002R is a wireless dual-band Gigabit router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A3002R version v4.0.0-B20230531.1404, which originates from formParentControl failing to correctly validate the length and size of the input data in...
Delta Electronics DIAScreen Stack Buffer Vulnerability
Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. A stack buffer vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code...
CVE-2024-6684
Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not supported...
CVE-2024-6684 Authentication Bypass in GST Electronics' inohom Nova Panel N7
Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not supported...