CVE-2024-43660

The CGI script .sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High, but credentials required. Impact: Critical – The script can be used to download any file on the filesystem, including...

CVE-2024-43662 Authenticated arbitrary file upload to /tmp/ and /tmp/upload/

The .exe or .exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderat...

CVE-2019-6275

Command injection vulnerability in firmwarecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...

NDSA20070412.txt

Nth Dimension Security Advisory NDSA20070412 Date: 12th April 2007 Author: Tim Brown URL: / Product: DSL-G624T router V3.00B01T02.UK-A.20060208 Vendor: D-Link Risk: Medium Summary Following the Securiteam posting "D-Link DSL-G604T Wireless Router Directory Traversal" which described a directory...