56 matches found
CVE-2023-41028 Juplink RX4-1500 Stack-based Buffer Overflow Vulnerability
A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root...
CVE-2023-41028 Juplink RX4-1500 Stack-based Buffer Overflow Vulnerability
A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root...
CVE-2023-41028
CVE-2023-41028 affects Juplink RX4-1500 WiFi routers (versions 1.0.2–1.0.5). A stack-based buffer overflow allows an authenticated attacker to achieve code execution as root. Rooted in the vulnerable handling of input data, the issue enables unrestricted code execution with high impact. Mitigatio...
PT-2023-27748 · Unknown · Juplink Rx4-1500
Name of the Vulnerable Software and Affected Versions: Juplink RX4-1500 versions 1.0.2 through 1.0.5 Description: A stack-based buffer overflow exists in the Juplink RX4-1500 WiFi router. An authenticated attacker can exploit this issue to achieve code execution as root. Recommendations: For...
PT-2023-5281 · Unknown · Juplink Rx4-1500
Name of the Vulnerable Software and Affected Versions: Juplink RX4-1500 versions V1.0.2 through V1.0.5 Description: The issue is related to the use of hard-coded credentials in the Juplink RX4-1500 WI-FI router's software. This allows unauthenticated attackers to log in to the web interface or...
Juplink Intelligent Technologies RX4-1500 Injection Vulnerability
The Juplink Intelligent Technologies RX4-1500 is a wireless router from Juplink Intelligent Technologies. A security vulnerability exists in the Juplink Intelligent Technologies RX4-1500 v1.0.3, which originates from the program failing to clean user input before executing it. A remote attacker...
Juplink Intelligent Technologies RX4-1500 Unauthorized Operation Vulnerability
The Juplink Intelligent Technologies RX4-1500 is a wireless router from Juplink Intelligent Technologies. A security vulnerability exists in httpd in the Juplink Intelligent Technologies RX4-1500 versions v1.0.3 through v1.0.5. A remote attacker could use this vulnerability to modify or access...
Design/Logic Flaw
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network...
CVE-2020-8798
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network...
CVE-2020-8797
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...
CVE-2020-8797
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...
CVE-2020-8797
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...
CVE-2020-8798
The vulnerability CVE-2020-8798 affects Juplink RX4-1500 routers (firmware versions v1.0.3–v1.0.5). The httpd service exposes an unauthenticated setup3.htm endpoint on the local network, which allows remote attackers to change or access router settings. The exposed detail in connected CNVD/NVD en...
CVE-2020-8798
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network...
CVE-2020-8797
Juplink RX4-1500 v1.0.3 is affected by CVE-2020-8797 due to a command injection from an unsanitized exec call when the telnetd service is enabled and an admin can authenticate from the local network. This allows a local attacker to gain root access to the Linux subsystem. The connected sources pr...
CVE-2020-8797
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...