58 matches found

Tenable Nessus
added 2024/10/03 12:0 a.m., 9 views

Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated RCE (cisco-sa-sb-rv34x-rce-7pqFU2e)

According to its self-reported version, Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution is affected by a vulnerability. - A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker...

6.5 CVSS, 6.4 AI score, 0.00623 EPSS
Exploits: 0, References: 3

Cvelist
added 2024/10/02 4:54 p.m., 16 views

CVE-2024-20470 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have...

0.00511 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/10/02 4:54 p.m., 11 views

CVE-2024-20470 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have...

7.8 AI score, 0.00511 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/10/02 4:53 p.m., 16 views

CVE-2024-20393 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interfa...

8.8 CVSS, 0.01437 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/10/02 4:53 p.m., 11 views

CVE-2024-20393 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interfa...

8.8 CVSS, 6.9 AI score, 0.01437 EPSS
Exploits: 0, References: 1

CVE
added 2024/04/09 2:12 p.m., 55 views

CVE-2023-49907

Talos-1888 details a stack-based buffer overflow in TP-Link AC1350 (EAP225 V3) firmware v5.1.0 Build 20220926, caused by the handling of newline-delimited POST parameters (ssid, band, profile, action) in /data/scheduler.association.json. Specifically, the vulnerability arises from unsafe copying ...

8.8 CVSS, 7.8 AI score, 0.00861 EPSS
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2024/02/06 4:20 p.m., 42 views

CVE-2023-36498

Summary: CVE-2023-36498 affects the Tp-Link ER7206 Omada Gigabit VPN Router (1.3.0 build 20230322 Rel.70591). Talos’ report details a post-authentication command injection vulnerability in the PPTP client exposed via the web interface (PPTP Client page). A specially crafted authenticated HTTP req...

7.2 CVSS, 7.3 AI score, 0.00752 EPSS
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2024/02/06 4:20 p.m., 41 views

CVE-2023-43482

TP-Link ER7206 Omada Gigabit VPN Router (1.3.0 build 20230322 Rel.70591) is vulnerable to a command injection in the uhttpd guest-resource flow (CVE-2023-43482). A specially crafted, authenticated HTTP POST to the guest resource endpoint can trigger arbitrary command execution, potentially gainin...

7.2 CVSS, 7.1 AI score, 0.05552 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2024/02/06 4:20 p.m., 14 views

CVE-2023-43482

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

7.2 CVSS, 7.3 AI score, 0.05552 EPSS
Exploits: 1, References: 1

CVE
added 2024/02/06 4:20 p.m., 54 views

CVE-2023-47617

Cisco Talos reports a post-authentication command injection in TP-Link ER7206 Omada Router (1.3.0, build 20230322 Rel.70591) via the uhttpd web interface when adding a web group member. The vulnerability stems from unsanitized input used as an argument to a shell command in the websort/web group ...

7.2 CVSS, 7.3 AI score, 0.00781 EPSS
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2024/02/06 4:20 p.m., 48 views

CVE-2023-47618

CVE-2023-47618 affects the Tp-Link ER7206 Omada Gigabit VPN Router (1.3.0 build 20230322 Rel.70591). Talos documents a post-authentication command execution vulnerability in the web filtering web UI (webfilter) triggered by adding a web filtering policy, via an HTTP POST to /cgi-bin/luci/;stok=…/...

7.2 CVSS, 7.2 AI score, 0.0034 EPSS
Exploits: 1, References: 2, Affected Software: 1

Talos
added 2024/02/06 12:0 a.m., 37 views

TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability

Talos Vulnerability Report TALOS-2023-1857: TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability. February 6, 2024. CVE Number: CVE-2023-46683. Summary: A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality ...

7.2 CVSS, 7.7 AI score, 0.00752 EPSS
Exploits: 1

CNVD
added 2024/01/12 12:0 a.m., 21 views

Tenda AX1803 Buffer Overflow Vulnerability (CNVD-2024-02211)

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. A buffer overflow vulnerability exists in Tenda AX1803 v1.0.0.1, which originates from the iptv.stb.mode parameter of the formGetIptv method failing to correctly validate the length and size of the input data, and can be exploited...

9.8 CVSS, 8.2 AI score, 0.00243 EPSS
Exploits: 1, References: 1

CVE
added 2023/10/05 12:0 a.m., 74 views

CVE-2023-43284

CVE-2023-43284 affects the D-Link DIR-846 wireless router (firmware variant 100A53DBR-Retail). The vulnerability is a code execution flaw caused by insufficient protection when handling the QoS POST parameter, allowing an authenticated remote attacker to execute arbitrary code. Multiple sources (...

8.8 CVSS, 8.9 AI score, 0.38154 EPSS
Exploits: 2, References: 2, Affected Software: 1

F5 Networks
added 2023/05/18 8:39 p.m., 27 views

K000134670: Linux kernel vulnerability CVE-2022-2964

Security Advisory Description: A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. CVE-2022-2964 Impact: There is no impact; F5 products are not...

7.8 CVSS, 6.4 AI score, 0.00033 EPSS
Exploits: 0

CNVD
added 2023/05/18 12:0 a.m., 13 views

SAP Business Planning and Consolidation Cross-Site Scripting Vulnerability (CNVD-2023-40159)

The H3C GR-1200W is a Gigabit enterprise wireless router from China's Xinhua San H3C. A buffer overflow vulnerability exists in the H3C GR-1200W MiniGRW1A0V100R006 version, which stems from a stack overflow in the function settftpupgrad. A remote attacker...

9.8 CVSS, 7.9 AI score, 0.00436 EPSS
Exploits: 1, References: 1

CNVD
added 2023/05/13 12:0 a.m., 22 views

Tenda AC23 Command Injection Vulnerability

Tenda AC23 is a dual-band Gigabit wireless router from Tenda China. Tenda AC23 suffers from a command injection vulnerability, which stems from the parameter v2 of the file /bin/ate failing to correctly filter special characters, commands, etc. when constructing commands. An attacker can exploit this...

8.8 CVSS, 7.6 AI score, 0.17845 EPSS
Exploits: 1, References: 1

Prion
added 2023/04/05 6:15 p.m., 17 views

Input validation

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilitie...

5.8 CVSS, 7.3 AI score, 0.03251 EPSS
Exploits: 0, References: 1

Cvelist
added 2023/04/05 12:0 a.m., 20 views

CVE-2023-20073 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

5.3 CVSS, 9.6 AI score, 0.91341 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2023/02/07 12:0 a.m., 26 views

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload (cisco-sa-sb-rv-afu-EXxwA65V)

According to its self-reported version, Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers are affected by an arbitrary file upload vulnerability due to insufficient authorization enforcement mechanisms. An unauthenticated, remote attacker can exploit this to upload arbitrary...

9.8 CVSS, 8.5 AI score, 0.91341 EPSS
Exploits: 0, References: 3