Lucene search
K

310 matches found

BDU FSTEC
BDU FSTEC
added 2025/05/23 12:0 a.m.7 views

The vulnerability of the check_dws_cookie function in the /storage directory of the Tenda DAP-1520 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the checkdwscookie function in the /storage directory of the Tenda DAP-1520 router microprogramming system is related to writing beyond buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by using the host paramet...

10CVSS8.4AI score0.00992EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/23 12:0 a.m.5 views

The vulnerability of the formSysCmd function in the microprogramming software of the D-Link DIR-600L router allows a hacker to execute arbitrary commands.

The vulnerability of the formSysCmd function in the microprogramming system of the D-Link DIR-600L router is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the host parameter...

10CVSS8AI score0.03269EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/23 12:0 a.m.9 views

The vulnerability of the set_ws_action function in the /dws/api/ section of the Tenda DAP-1520 router’s software allows a hacker to execute arbitrary code.

The vulnerability of the setwsaction function in the /dws/api/ endpoint of the Tenda DAP-1520 router’s software is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by using the host parameter...

10CVSS8.5AI score0.00992EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.6 views

CVE-2022-34607

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /doping.asp...

9.8CVSS7.9AI score0.12275EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 p.m.8 views

CVE-2021-35489

Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2=HOSTNAME=SERVICENAME=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing...

6.1CVSS6.4AI score0.00833EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/05/14 12:0 a.m.8 views

The vulnerability of the formLogin function in the D-Link DIR-600L router’s software allows a hacker to execute arbitrary code.

The vulnerability of the formLogin function in the D-Link DIR-600L router microprogramming system is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by using the host parameter...

9CVSS8.1AI score0.01031EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/14 12:0 a.m.5 views

The vulnerability of the formWlSiteSurvey function in D-Link DIR-600L router microprogramming software allows a intruder to execute arbitrary code.

The vulnerability of the formWlSiteSurvey function in D-Link DIR-600L router microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code by using the ho...

10CVSS8.1AI score0.01554EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/14 12:0 a.m.8 views

The vulnerability of the formSetWanL2TP function in the microprogramming software for D-Link DIR-600L router allows a hacker to execute arbitrary code.

The vulnerability of the formSetWanL2TP function in the microprogramming software for D-Link DIR-600L router involves copying buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by using the host parameter...

10CVSS8.1AI score0.01609EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/14 12:0 a.m.9 views

The vulnerability of the formEasySetupWizard function in the D-Link DIR-600L router’s microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the formEasySetupWizard function in the D-Link DIR-600L router’s microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by using the host...

10CVSS8.1AI score0.01022EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.3 views

D-Link DIR-600L 安全漏洞

The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that stems from the parameter host of function formEasySetupWizard3 failing ...

9.8CVSS8.1AI score0.01022EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.3 views

D-Link DIR-600L 安全漏洞

The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that originates from the parameter host of the formSetWANWizard534 function...

9.8CVSS8.1AI score0.01031EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.5 views

D-Link DIR-600L 安全漏洞

The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that stems from the formWlSiteSurvey function parameter host failing to...

9.8CVSS8.1AI score0.01554EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.6 views

D-Link DIR-600L 安全漏洞

The D-Link DIR-600L is a wireless router from China-based AUO D-Link. The D-Link DIR-600L suffers from a buffer overflow vulnerability that originates from the parameter host of the function formEasySetupWizard that fails to correctly validate the length and size of the input data, which can be...

9.8CVSS8.1AI score0.01022EPSS
Exploits0References6
OSV
OSV
added 2025/04/30 6:15 p.m.7 views

CVE-2025-4135

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function uigetinputvalue. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...

5.3CVSS5.6AI score0.02283EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/30 12:0 a.m.5 views

NETGEAR WG302v2 注入漏洞

The NETGEAR WG302v2 is a wireless access point from NETGEAR. The NETGEAR WG302v2 suffers from a command injection vulnerability that stems from the uigetinputvalue function parameter host failing to properly filter constructor command special characters, commands, and so on. No details of the...

6.5CVSS7.5AI score0.02283EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/30 12:0 a.m.4 views

NETGEAR JWNR2000 安全漏洞

The NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The NETGEAR JWNR2000v2 suffers from a buffer overflow vulnerability that originates from the defaultversionisnew function parameter host failing to correctly validate the length of the input data, which can be exploited by an attacker to...

9.8CVSS8AI score0.00808EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/30 12:0 a.m.4 views

NETGEAR JWNR2000 注入漏洞

The NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The NETGEAR JWNR2000v2 suffers from a command injection vulnerability that stems from the cmdwireless function parameter host failing to properly filter constructor command special characters, commands, and so on. No details of the...

9.8CVSS7.5AI score0.03318EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/30 12:0 a.m.5 views

NETGEAR JWNR2000 安全漏洞

The NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The NETGEAR JWNR2000v2 suffers from a buffer overflow vulnerability that originates from the getcurlangver function parameter host failing to correctly validate the length of the input data, which can be exploited by an attacker to execute...

9.8CVSS8AI score0.00808EPSS
Exploits0References5
Veracode
Veracode
added 2025/02/27 7:50 a.m.5 views

Authorization Bypass

leantime/leantime is vulnerable to an Authorization Bypass. The vulnerability is due to missing authorization checks on the "Host" parameter, allowing an attacker to access another user's profile information by modifying the parameter...

6.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/02/25 12:0 a.m.8 views

The vulnerability of the getSaveConfig() function in TOTOLINK CP450 router microprogramming software allows a hacker to induce a service failure.

The vulnerability of the getSaveConfig function in TOTOLINK CP450 router microprogramming software is related to the issue of the operation going beyond the buffer in memory when processing the httphost parameter. Exploiting this vulnerability could allow a remote attacker to cause service...

7.5CVSS5.7AI score0.00554EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder