Lucene search
K

15 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in delta-enr-project (npm)

The package delta-enr-project was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-18218 Malicious code in delta-enr-project (npm)

The package delta-enr-project was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/05/05 5:18 p.m.7 views

CVE-2024-57230

NETGEAR RAX5 AX1600 WiFi Router V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpinwps function...

9.8CVSS5.8AI score0.01198EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.3 views

NETGEAR RAX5 安全漏洞

The NETGEAR RAX5 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR RAX50. The vulnerability stems from improper handling of the ifname parameter in the apclidoenrpinwps function, which can be exploited by an attacker to launch an attack and cause the syste...

9.8CVSS7.4AI score0.01198EPSS
Exploits1References1
OSV
OSV
added 2025/01/10 6:15 p.m.3 views

CVE-2024-57224

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpinwps function...

9.8CVSS5.8AI score0.01645EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/10 12:0 a.m.4 views

Linksys E7350 安全漏洞

The Linksys E7350 is a dual-band WiFi 6 router with AX1800 speeds from Linksys USA. A security vulnerability exists in Linksys E7350 version 1.1.00.032, which stems from a command injection vulnerability via the ifname parameter in the apclidoenrpbcwps function...

8CVSS7.4AI score0.01174EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/10 12:0 a.m.5 views

PT-2025-3418 · Linksys · Linksys E7350

Name of the Vulnerable Software and Affected Versions: Linksys E7350 version 1.1.00.032 Description: A command injection issue was discovered via the ifname parameter in the apcli do enr pbc wps function. This allows for potential exploitation. Recommendations: For Linksys E7350 version 1.1.00.03...

8CVSS7.5AI score0.01174EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/01/10 12:0 a.m.4 views

PT-2025-3415 · Linksys · Linksys E7350

Name of the Vulnerable Software and Affected Versions: Linksys E7350 version 1.1.00.032 Description: A command injection issue was discovered via the ifname parameter in the apcli do enr pin wps function. This allows for potential exploitation. Recommendations: For Linksys E7350 version 1.1.00.03...

9.8CVSS7.5AI score0.01645EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.5 views

The vulnerability of the apcli_do_enr_pin_wps function in the microprogramming software of the TOTOLINK A6000R router allows a hacker to execute arbitrary commands.

The vulnerability of the apclidoenrpinwps function in the TOTOLINK A6000R router’s microprogramming software is related to the failure to take measures to neutralize special elements used in the command when processing the ifname parameter. Exploiting this vulnerability can allow a remote attacke...

7.7CVSS5.9AI score0.02118EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/07/22 2:15 p.m.4 views

CVE-2024-41317

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpbcwps function...

8CVSS5.8AI score0.02293EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.11 views

PT-2024-7950 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version 1.0.1-B20201211.2000 Description: The issue is related to a command injection vulnerability in the apcli do enr pin wps function, specifically via the ifname parameter. This vulnerability can be exploited by a remote...

7.7CVSS8.2AI score0.02118EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/07/22 12:0 a.m.4 views

TOTOLINK A6000R 安全漏洞

TOTOLINK A6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A6000R suffers from a command injection vulnerability that stems from the ifname parameter in the apclidoenrpbcwps function failing to correctly filter constructed command special characters, commands, and s...

8CVSS7.8AI score0.02293EPSS
Exploits1References2
OSV
OSV
added 2021/04/06 5:22 p.m.16 views

GHSA-W3HJ-WR2Q-X83G Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

5.3CVSS5.2AI score0.00489EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/04/06 5:22 p.m.43 views

Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

5.3CVSS1.4AI score0.00489EPSS
Exploits0References4Affected Software1
Openbugbounty
Openbugbounty
added 2016/12/05 11:29 a.m.7 views

nwtdiscoveryportal.enr.gov.nt.ca XSS vulnerability

Vulnerable URL: http://nwtdiscoveryportal.enr.gov.nt.ca/geoportal/catalog/search/resource/review.page?uuid=%22-alert/OPENBUGBOUNTY/-%22 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...

6.3AI score
Exploits0
Rows per page
Query Builder