3858 matches found
TOTOLINK X5000R pid parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R pid parameter, which originates from the pid parameter of /cgi-bin/cstecgi.cgi failing to properly filter special characters, commands, etc. used to construct a command. An...
TOTOLINK X5000R password parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R password parameter, which originates from the password parameter of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special characters,...
Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Delta Electronics InfraSuite Device Master ActiveMQ Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache ActiveMQ broker, which listens on TCP port 61616 b...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2024-29663)
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...
Delta Electronics DIAEnergie Denial of Service Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. A denial of service vulnerability exists in Delta Electronics DIAEnergie, which originates from CEBC.exe restarting the system when processing ICS Restart messages. An attacker could...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on May 09, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-130-01 Rockwell Automation FactoryTalk Historian SE; ICSA-24-130-02 alpitronic Hypercharge...
Delta Electronics InfraSuite Device Master
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote...
Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability
Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics, Taiwan, China. A buffer overflow vulnerability exists in Delta Electronics CNCSoft-G2, which stems from a lack of proper validation of the length of user-supplied data before copying it into a stack-based...
TOTOLINK EX1800T Security Vulnerability
TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK EX1800T version V9.1.0cu.2112B20220316, which stems from a security issue in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, which...
Delta Electronics DIAEnergie SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. A SQL injection vulnerability exists in Delta Electronics DIAEnergie. An attacker can use this vulnerability to view, add, modify, or delete information in the back-end database...
CVE-2024-4547
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...
CVE-2024-4549
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system...
CVE-2024-4548
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...
CVE-2024-4549 Delta Electronics DIAEnergie SQL Injection
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system...
CVE-2024-4549
CVE-2024-4549 is a denial-of-service vulnerability in Delta Electronics DIAEnergie (v1.10.1.8610 and earlier). When processing an ICS Restart! message, CEBC.exe restarts the system, enabling an external attacker to cause a DoS. CVSSv3.1 base metrics: 7.5 (HIGH), AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...