CVE-2019-20030

An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected...

OS Command Injection

github.com/neuvector/neuvector is vulnerable to OS Command Injection. The vulnerability is due to unsanitized use of the environment variables CLUSTERRPCPORT and CLUSTERLANPORT in shell commands executed via popen, which allows an attacker to inject and execute arbitrary commands within the...

CVE-2025-54469 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

PT-2025-43268

Name of the Vulnerable Software and Affected Versions NeuVector versions prior to 5.4.7 Description A critical issue exists in NeuVector where the enforcer component improperly handles environment variables CLUSTER RPC PORT and CLUSTER LAN PORT. These variables are used to construct shell command...

EUVD-2019-10586

Malware in sbrugna...

CVE-2024-38471

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

CVE-2024-38471

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

CVE-2024-38471

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

CVE-2024-38471

CVE-2024-38471 concerns multiple TP-LINK routers (e.g., Archer AX3000, AXE75, AX5400, Air R5, AXE5400) with an OS command injection vulnerability. The issue allows a network-adjacent attacker who has administrative privileges to execute arbitrary OS commands by restoring a crafted backup file. Th...

CVE-2021-42794

An issue was discovered in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses...

CVE-2021-42794

An issue was discovered in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses...

CVE-2021-42794

AVEVA Edge (formerly InduSoft Web Studio)

ASUS RT-AC86U Command Injection Vulnerability (CNVD-2023-70091)

RT-AC86U is an ASUS router with 2900M wireless rate, external antenna, and Gigabit LAN port for WAN access.RT-AC86U integrates ASUS AiProtection, which is equipped with Trend Micro's enterprise-grade network security for smart home networks, even if the connected device does not have anti-virus...

PT-2022-27628 · Ip Com · Ip-Com M50

Name of the Vulnerable Software and Affected Versions: IP-COM M50 version 15.11.0.3310768 Description: The issue is related to multiple buffer overflows that can occur via the pLanPortRange and pWanPortRange parameters in the formSetPortMapping function. Recommendations: For IP-COM M50 version...

CVE-2019-20030

An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected...

Unauthorized Access Vulnerability in Netcentric Cloud Devices of Shenzhen Netcentric Technology Co.

Shenzhen Netcenter Technology Co., Ltd, dedicated to the global shared computing and blockchain field, amplifies everyone's power through technological innovation. Shenzhen Netcentric Technology Co., Ltd Netcentric cloud devices have unauthorized access vulnerability, attackers can use the...

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. Which I've found in your modem. In April I've already drew attention of Ukrtelecom's representativ...