CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5781 matches found

Vulnrichment•added 2024/09/16 12:0 a.m.•17 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...

6.6AI score0.00561EPSS

Exploits0References1

Cvelist•added 2024/09/16 12:0 a.m.•21 views

CVE-2024-45413

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsadecrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...

0.0038EPSS

Exploits0References1

CVE•added 2024/09/16 12:0 a.m.•30 views

CVE-2024-45416

CVE-2024-45416 affects the HTTPD binary in multiple ZTE routers. A local file inclusion flaw exists in session_init: session files stored in /var/lua_session are enumerated and executed via dofile without validating whether each file is a valid session file. An attacker able to place a malicious ...

8.1CVSS6.8AI score0.00561EPSS

Exploits0References1

CVE•added 2024/09/16 12:0 a.m.•34 views

CVE-2024-45415

The CVE-2024-45415 issue affects multiple ZTE routers running HTTPD. A stack-based buffer overflow in check_data_integrity, which validates the checksum of POST data, allows an unauthenticated attacker to achieve root RCE by triggering improper handling of the decrypted, unchecked checksum on the...

9.8CVSS7.2AI score0.00483EPSS

Exploits0References1

CVE•added 2024/09/16 12:0 a.m.•57 views

CVE-2024-45414

The CVE-2024-45414 issue affects the HTTPD binary in multiple ZTE routers, with a stack-based buffer overflow in the webPrivateDecrypt function that handles RSA-encrypted data provided base64-encoded. The decoded ciphertext is stored on the stack without length checks, enabling unauthenticated re...

9.8CVSS7.5AI score0.00483EPSS

Exploits0References1

CVE•added 2024/09/16 12:0 a.m.•44 views

CVE-2024-45413

The CVE-2024-45413 issue affects the HTTPD binary in multiple ZTE routers. A stack-based buffer overflow in rsa_decrypt, an API wrapper for LUA used to decrypt RSA ciphertext, stores decrypted data on the stack without length checks. This allows an authenticated attacker to achieve remote code ex...

8.1CVSS6.7AI score0.0038EPSS

Exploits0References1

Vulnrichment•added 2024/09/16 12:0 a.m.•9 views

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

7.3AI score0.00483EPSS

Exploits0References1

Cvelist•added 2024/09/16 12:0 a.m.•12 views

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in checkdataintegrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksu...

0.00483EPSS

Exploits0References1

Cvelist•added 2024/09/16 12:0 a.m.•12 views

CVE-2024-45414

0.00483EPSS

Exploits0References1

Vulnrichment•added 2024/09/16 12:0 a.m.•11 views

CVE-2024-45413

7AI score0.0038EPSS

Exploits0References1

Cvelist•added 2024/09/16 12:0 a.m.•15 views

CVE-2024-45416