3858 matches found

CNVD
added 2024/01/30 12:0 a.m., 19 views

TOTOLINK N350RT Session Hijacking Vulnerability

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a session hijacking vulnerability, which is caused by insufficient session expiration in the /cgi-bin/cstecgi.cgi script. An attacker could use this vulnerability to access other...

CVSS 5.3 | AI score 6.7 | EPSS 0.00591
Exploits: 0 | References: 1

Prion
added 2024/01/26 8:15 a.m., 14 views

Path traversal

Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal. This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C...

CVSS 5 | AI score 7.2 | EPSS 0.00582
Exploits: 0 | References: 1 | Affected Software: 9

Cvelist
added 2024/01/26 7:52 a.m., 25 views

CVE-2023-6919 Path Traversal in VGuard IP Camera Network Recorder

Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal. This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C...

CVSS 7.5 | AI score 7.7 | EPSS 0.00582
Exploits: 0 | References: 2

CVE
added 2024/01/26 7:52 a.m., 47 views

CVE-2023-6919

CVE-2023-6919 describes a Path Traversal vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard prior to version V500.0003.R008.4011.C0012.B351.C. The flaw allows an absolute path traversal via the "/../filedir" payload, potentially enabling access to files outside the web root. A...

CVSS 7.5 | AI score 7.1 | EPSS 0.00582
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2024/01/26 12:0 a.m., 12 views

TOTOLINK EX1800T Command Execution Vulnerability (CNVD-2024-13795)

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T suffers from a command execution vulnerability that stems from the telnetenabled parameter of the setTelnetCfg interface failing to correctly filter constructed command special characters,...

CVSS 9.8 | AI score 7.7 | EPSS 0.01643
Exploits: 1 | References: 1

CNVD
added 2024/01/26 12:0 a.m., 2 views

TOTOLINK A3700R Command Injection Vulnerability

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3700R is vulnerable to a command injection vulnerability that stems from the setOpModeCfg method failing to properly filter constructed command special characters, commands, and more. An attacker can...

CVSS 9.8 | AI score 7.7 | EPSS 0.01741
Exploits: 1 | References: 1

SUSE CVE
added 2024/01/24 2:49 a.m., 3 views

SUSE CVE-2024-23848

In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...

CVSS 5.3 | AI score 6.7 | EPSS 0.00254
Exploits: 0 | References: 21

CNVD
added 2024/01/24 12:0 a.m., 8 views

TOTOLINK X2000R Command Injection Vulnerability

TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X2000R version 1.0.0-B20221212.1452, which stems from the macstr parameter of the formMapDelDevice function of the /boafrm/formMapDelDevice file failing to correctly...

CVSS 9.8 | AI score 7.4 | EPSS 0.02704
Exploits: 0 | References: 1

CNVD
added 2024/01/24 12:0 a.m., 2 views

TOTOLINK X6000R Code Execution Vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a code execution vulnerability that stems from the application failing to properly filter constructed command special characters, commands, etc. An attacker can exploit this vulnerability t...

CVSS 9.8 | AI score 7.8 | EPSS 0.0086
Exploits: 1 | References: 1

CNVD
added 2024/01/24 12:0 a.m., 1 views

TOTOLINK X6000R sub_4117F8 function code execution vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a code execution vulnerability that stems from the application's failure to properly filter constructed command special characters, commands, etc. An attacker can exploit the vulnerability ...

CVSS 9.8 | AI score 7.9 | EPSS 0.00949
Exploits: 1 | References: 1

CNVD
added 2024/01/24 12:0 a.m., 5 views

TOTOLINK T8 Information Disclosure Vulnerability

TOTOLINK T8 is a wireless dual-band router from China's Gion Electronics TOTOLINK. TOTOLINK T8 suffers from an information disclosure vulnerability, which arises because the ssid/key parameter in the file /cgi-bin/cstecgi.cgi does not sufficiently protect sensitive information, and can be...

CVSS 9.1 | AI score 6.5 | EPSS 0.00953
Exploits: 1 | References: 1

OSV
added 2024/01/23 9:15 a.m., 2 views

DEBIAN-CVE-2024-23848

In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...

CVSS 5.5 | AI score 6.5 | EPSS 0.00254
Exploits: 0 | References: 1

OSV
added 2024/01/23 9:15 a.m., 7 views

AZL-33966 CVE-2024-23848 affecting package kernel 5.15.200.1-1

In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...

CVSS 5.5 | AI score 6.7 | EPSS 0.00254
Exploits: 0 | References: 1

NVD
added 2024/01/18 10:15 p.m., 7 views

CVE-2023-5131

A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution...

CVSS 8.8 | AI score 8.3 | EPSS 0.00824
Exploits: 0 | References: 1

OSV
added 2024/01/18 10:15 p.m., 3 views

CVE-2023-5131

A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution...

CVSS 8.8 | AI score 5.8 | EPSS 0.00824
Exploits: 0 | References: 1

NVD
added 2024/01/18 10:15 p.m., 16 views

CVE-2023-43823

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution...

CVSS 8.8 | AI score 9.2 | EPSS 0.00986
Exploits: 0 | References: 1

NVD
added 2024/01/18 10:15 p.m., 10 views

CVE-2023-5130

A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution...

CVSS 8.8 | AI score 8.5 | EPSS 0.00649
Exploits: 0 | References: 1

OSV
added 2024/01/18 10:15 p.m., 5 views

CVE-2023-43821

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code...

CVSS 7.8 | AI score 6.3 | EPSS 0.00986
Exploits: 0 | References: 1

OSV
added 2024/01/18 10:15 p.m., 4 views

CVE-2023-43822

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code...

CVSS 7.8 | AI score 6.3 | EPSS 0.00764
Exploits: 0 | References: 1

OSV
added 2024/01/18 10:15 p.m., 3 views

CVE-2023-43824

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code...

CVSS 7.8 | AI score 6.3
Exploits: 0 | References: 1