Lucene search
+L

308 matches found

OSV
OSV
added 2024/02/20 1:15 p.m.4 views

CVE-2024-1661

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity ...

5.5CVSS4.4AI score0.00316EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.5 views

TOTOLINK X6000R 信任管理问题漏洞

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a trust management issue vulnerability that stems from the presence of hard-coded credentials in the file /etc/shadow. No detailed vulnerability details are available at this time...

5.5CVSS6.8AI score0.00316EPSS
Exploits1References4
NVD
NVD
added 2024/01/30 3:15 p.m.21 views

CVE-2024-24324

TOTOLINK A8000RU v7.1cu.643B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow...

9.8CVSS9.6AI score0.00659EPSS
Exploits1References1
Prion
Prion
added 2024/01/30 3:15 p.m.16 views

Hardcoded credentials

TOTOLINK A8000RU v7.1cu.643B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow...

7.5CVSS7.6AI score0.00659EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/01/30 12:0 a.m.50 views

CVE-2024-24324

CVE-2024-24324 affects TOTOLINK A8000RU, firmware version 7.1cu.643_B20200521, which is reported to store a hardcoded root password in /etc/shadow. The CVE has a high impact (CVSSv3.1: 9.8, CRITICAL) with network access, no user interaction, and no privileges required, per existing metrics. Conne...

9.8CVSS9.5AI score0.00659EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/01/30 12:0 a.m.27 views

CVE-2024-24324

TOTOLINK A8000RU v7.1cu.643B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow...

9.8AI score0.00659EPSS
Exploits1References1
Metasploit
Metasploit
added 2024/01/17 7:50 p.m.146 views

Ansible Playbook Error Message File Reader

This module will read the first line of a file based on an error message from ansible-playbook with sudo privileges. ansible-playbook takes a yaml file as input, and if there is an error, such as a non-yaml file, it outputs the line where the error occurs. This can be exploited to read the first...

6.8AI score
Exploits0
OSV
OSV
added 2023/04/28 11:54 a.m.5 views

SUSE-SU-2023:2066-1 Security update for shadow

This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn bsc1210507...

3.3CVSS4AI score0.00428EPSS
Exploits1References3
NVD
NVD
added 2023/03/31 10:15 p.m.15 views

CVE-2022-47188

There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path...

7.5CVSS7.5AI score0.00914EPSS
Exploits0References3
NVD
NVD
added 2023/02/03 6:15 p.m.27 views

CVE-2021-37316

SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow...

7.5CVSS7.7AI score0.01EPSS
Exploits1References1
NVD
NVD
added 2023/02/03 4:15 p.m.17 views

CVE-2023-24149

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow...

9.8CVSS9.7AI score0.00819EPSS
Exploits1References1
Prion
Prion
added 2023/02/03 4:15 p.m.18 views

Design/Logic Flaw

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow...

7.5CVSS9.6AI score0.00819EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/02/03 12:0 a.m.68 views

CVE-2023-24149

CVE-2023-24149 affects TOTOLINK CA300-PoE, firmware version V6.2c.884, where a hard-coded root password is stored in /etc/shadow. The exposed credential leads to total impact on confidentiality, integrity, and availability (CVSS v3.1: 9.8, NETWORK attack vector, no user interaction; privileges re...

9.8CVSS9.6AI score0.00819EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/02/03 12:0 a.m.22 views

CVE-2023-24149

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow...

9.8AI score0.00819EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/09/06 4:39 p.m.31 views

CVE-2022-37841

In TOTOLINK A860R V4.1.2cu.5182B20201027 there is a hard coded password for root in /etc/shadow.sample...

7.9AI score0.00594EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/29 12:15 a.m.3 views

CVE-2022-36611

TOTOLINK A800R V4.1.2cu.5137B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

7.8CVSS7.1AI score0.00283EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/08/28 11:58 p.m.28 views

CVE-2022-36612

TOTOLINK A950RG V4.1.2cu.5204B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

8AI score0.00283EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2022/05/11 12:1 a.m.31 views

Race Condition in Grunt

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

7.8CVSS2.2AI score0.00299EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/05/10 2:15 p.m.21 views

CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

7.8CVSS0.00299EPSS
Exploits1References3
Prion
Prion
added 2022/05/10 2:15 p.m.14 views

Race condition

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

6.9CVSS7AI score0.00299EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder