Stack overflow

Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file...

CVE-2023-5944 Delta Electronics DOPSoft Stack-based Buffer Overflow

Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file...

CVE-2023-5944

Delta Electronics DOPSoft is affected by a stack-based buffer overflow in DPA file parsing, enabling arbitrary code execution. The vulnerability can be triggered remotely with user interaction (e.g., visiting a malicious page or opening a crafted file); the issue affects DOPSoft across versions. ...

TOTOLINK X6000R user parameter command execution vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK X6000R version V9.4.0cu.852B20230719, which stems from the user parameter of the sub4119A0 function failing to correctly filter the construct command special...

TOTOLINK X6000R informEnable Parameter Command Execution Vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK X6000R version V9.4.0cu.852B20230719, which stems from the failure of the formEnable parameter of the sub4119A0 function to correctly filter the construct command...

TOTOLINK X6000R pass parameter command execution vulnerability

TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. TOTOLINK X6000R suffers from a command execution vulnerability that stems from the pass parameter of the sub4119A0 function failing to...

TOTOLINK X6000R url Parameter Command Execution Vulnerability

TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. TOTOLINK X6000R suffers from a command execution vulnerability that stems from the url parameter of the sub4119A0 function failing to...

TOTOLINK X6000R enable Parameter Command Execution Vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK X6000R version V9.4.0cu.852B20230719, which stems from the enable parameter of the sub4119A0 function failing to correctly filter construct command special...

PT-2023-32433 · Delta Electronics · Dopsoft

Name of the Vulnerable Software and Affected Versions: Delta Electronics DOPSoft affected versions not specified Description: The issue is a stack-based buffer overflow that may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file...

Delta Electronics DOPSoft Buffer Error Vulnerability

Delta Electronics DOPSoft is a set of human machine interface HMI software from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics DOPSoft. An attacker can exploit the vulnerability to execute arbitrary code...

CVE-2023-46384

LOYTEC electronics GmbH LINX Configurator all versions is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device...

CVE-2023-46386

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

CVE-2023-46383

LOYTEC electronics GmbH LINX Configurator all versions uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration...

CVE-2023-47279

In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying...

Design/Logic Flaw

In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying...

Design/Logic Flaw

LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration...

Design/Logic Flaw

LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpalconfig.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

CVE-2023-47207

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges...

CVE-2023-46690

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution...

CVE-2023-39226

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet...