15 matches found
CVE-2026-36539
Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...
Insertion of Sensitive Information Into Sent Data
Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the self.config.asdict function, which returns the entire configuration including sensitive values without filtering for th...
CVE-2021-35486
CVE-2021-35486 affects Nokia IMPACT up to version 19.11.2.10-20210118042150283. The issue is a CSRF vulnerability in the /ui/rest-proxy/entity/import endpoint where neither the X-CSRF-NONCE header nor the CSRF-NONCE cookie is validated, allowing a remote attacker to import and overwrite the entir...
CVE-2021-35486
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
CVE-2025-68719
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow,...
KAYSUS KS-WR3600 Security Vulnerability
The KAYSUS KS-WR3600 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR3600 version 1.0.5.9.1, which stems from improper configuration management and could allow an attacker to download a full configuration archive containing sensitive files...
PT-2023-7870 · Fortinet · Fortiadc
Name of the Vulnerable Software and Affected Versions: FortiADC versions 7.2.2 through 7.4.0. Description: The issue is related to an improper authorization procedure in the application delivery controller. This can be exploited by a remote attacker to gain unauthorized access to configuration fil...
CVE-2021-46423
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file...
Telesquare TLR-2005Ksh Security Vulnerability
Telesquare TLR-2005Ksh is an SK Telecom LTE router from Telesquare Korea. Telesquare TLR-2005Ksh version 1.0.0 is vulnerable to a file download vulnerability that stems from a lack of authentication strength. A remote attacker can exploit this vulnerability to download the complete...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), bypassing authentication, bypassing security measure. The vulnerability with attribute...
CVE-2018-7520
An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords...
Geutebruck IP Cameras Incorrect Access Control Vulnerability
The G-Cam/EFD-2250 and Topline TopFD-2125 are both HD cameras from Geutebruck. An incorrect access control vulnerability exists in Geutebruck IP Cameras, which can be exploited by an attacker to perform a full configuration download, including passwords...
CVE-2016-7572
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors...
Havalite v1.1.7 Multiple Vulnerabilities
It's multiple vulnerabilities found in Havalite 1.1.0 by me (old version & 0day), and it's workable in the last Havalite version v1.1.7...