12 matches found
Buffalo WSR-2533DHPL2 - Path Traversal
Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...
PT-2024-10909 · Sercomm · Sercomm
Name of the Vulnerable Software and Affected Versions: Sercomm Model Etisalat Model S3-AC2100 (affected versions not specified). Description: The issue is related to Cross-Site Scripting (XSS) via the firmware update page. This high-severity vulnerability impacts specific versions of Sercomm products...
Exploit for Improper Input Validation in Lexmark Cxtpc_Firmware
CVE-2023-34362 POCs for credential dumping, reverse shells, an...
Vulnerabilities in SICK ICR890-4
SICK has found several security vulnerabilities in the SICK ICR890-4. If exploited, these could allow an unauthenticated remote attacker to compromise the availability or confidentiality of the SICK ICR890-4. Currently, SICK is not aware of any public exploits that specifically target any of the...
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices
Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023...
TP-Link SG105PE vulnerable to authentication bypass
Overview: TP-Link SG105PE contains an authentication bypass vulnerability (CWE-287). Baba Takao of BPS Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: Under certain conditions, an attacker may...
CVE-2022-37062
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...
CVE-2022-37060
FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files...
CVE-2019-7193
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommends updating QTS to their latest versions...
CVE-2019-10959
BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC,...
WBR3404TX Broadband Router XSS
I. Overview: Current firmware version is R1.94p0vTIG the latest. WBR3404TX Broadband Router Web Management II. Description: http://routeraddress/cgi-bin/ddns?RC=40&DG0=x&DP=D&DD=223E3Cscript3Ealert'xss20detected!';3C/script3E3Ctext20id=22&DU=&DW=...
dlink_udp_dos.txt
At the time of discovery the issue affected the latest D-Link firmwares. As D-Link has since released a new firmware, this is no longer the case, so... cheers... --- Aaron Portnoy ------------------------------------------------------------------------------------ D-Link Fragmented UDP Denial of...