15 matches found
Malicious code in delta-enr-project (npm)
The package delta-enr-project was found to contain malicious code...
MAL-2025-18218 Malicious code in delta-enr-project (npm)
The package delta-enr-project was found to contain malicious code...
CVE-2024-57230
NETGEAR RAX5 AX1600 WiFi Router V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpinwps function...
NETGEAR RAX5 安全漏洞
The NETGEAR RAX5 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR RAX50. The vulnerability stems from improper handling of the ifname parameter in the apclidoenrpinwps function, which can be exploited by an attacker to launch an attack and cause the syste...
CVE-2024-57224
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpinwps function...
Linksys E7350 安全漏洞
The Linksys E7350 is a dual-band WiFi 6 router with AX1800 speeds from Linksys USA. A security vulnerability exists in Linksys E7350 version 1.1.00.032, which stems from a command injection vulnerability via the ifname parameter in the apclidoenrpbcwps function...
PT-2025-3418 · Linksys · Linksys E7350
Name of the Vulnerable Software and Affected Versions: Linksys E7350 version 1.1.00.032 Description: A command injection issue was discovered via the ifname parameter in the apcli do enr pbc wps function. This allows for potential exploitation. Recommendations: For Linksys E7350 version 1.1.00.03...
PT-2025-3415 · Linksys · Linksys E7350
Name of the Vulnerable Software and Affected Versions: Linksys E7350 version 1.1.00.032 Description: A command injection issue was discovered via the ifname parameter in the apcli do enr pin wps function. This allows for potential exploitation. Recommendations: For Linksys E7350 version 1.1.00.03...
The vulnerability of the apcli_do_enr_pin_wps function in the microprogramming software of the TOTOLINK A6000R router allows a hacker to execute arbitrary commands.
The vulnerability of the apclidoenrpinwps function in the TOTOLINK A6000R router’s microprogramming software is related to the failure to take measures to neutralize special elements used in the command when processing the ifname parameter. Exploiting this vulnerability can allow a remote attacke...
CVE-2024-41317
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpbcwps function...
PT-2024-7950 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version 1.0.1-B20201211.2000 Description: The issue is related to a command injection vulnerability in the apcli do enr pin wps function, specifically via the ifname parameter. This vulnerability can be exploited by a remote...
TOTOLINK A6000R 安全漏洞
TOTOLINK A6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A6000R suffers from a command injection vulnerability that stems from the ifname parameter in the apclidoenrpbcwps function failing to correctly filter constructed command special characters, commands, and s...
GHSA-W3HJ-WR2Q-X83G Discovery uses the same AES/GCM Nonce throughout the session
Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...
Discovery uses the same AES/GCM Nonce throughout the session
Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...
nwtdiscoveryportal.enr.gov.nt.ca XSS vulnerability
Vulnerable URL: http://nwtdiscoveryportal.enr.gov.nt.ca/geoportal/catalog/search/resource/review.page?uuid=%22-alert/OPENBUGBOUNTY/-%22 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...