1401 matches found
Telesquare TLR-2855KS6 - Arbitrary File Creation
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...
Lighttpd 1.4.34 SQL Injection and Path Traversal
A SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name related to requestcheckhostname. id: CVE-2014-2323 info: name: Lighttpd 1.4.34 SQL Injection and Path Traversal author: geeknik severity: critical...
Unity Linux 20.1060e / 20.1070e Security Update: lighttpd (UTSA-2026-016637)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016637 advisory. In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as...
CVE-2026-7546
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...
CVE-2026-7546
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...
CVE-2026-7546 Totolink NR1800X lighttpd find_host_ip stack-based overflow
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...
CVE-2026-7546
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...
CVE-2026-7546
Totolink NR1800X firmware 9.1.0u.6279_B20210910 contains a stack-based overflow in lighttpd’s find_host_ip when Host is manipulated. This remote vulnerability has a publicly disclosed exploit. No remediation details are provided in the supplied documents.
EUVD-2026-26473
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...
CVE-2026-7546 Totolink NR1800X lighttpd find_host_ip stack-based overflow
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...
TOTOLINK NR1800X 缓冲区错误漏洞
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data service deployment for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a buffer error vulnerability. This...
PT-2026-36293
Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A stack-based buffer overflow exists in the lighttpd component. This issue occurs when the find host ip function improperly handles the Host argument, allowing a remote attacker to...
CVE-2025-67445
TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENTLENGTH environment variable and allocates memory using malloc CONTENTLENGTH + 1 without sufficient bounds checking. When lighttpd s request size limit is not enforce...
CVE-2025-70329
TOTOLink X5000R v9.1.0cu2415B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX parameters are retrieved via UciGetStr and passed to the CsteSystem function without adequate validation or...
Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration
Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...
📄 Tattile Cameras 1.181.5 Default Credentials
Tattile Cameras version 1.181.5 ship with default credentials that remain active after installation and commissioning without enforcing a mandatory password change. Tattile Cameras 1.181.5 Use of Default Credentials Vendor: Tattile s.r.l. Product web page: https://www.tattile.com Affected version...
CVE-2025-70327
TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...
CVE-2025-70329
TOTOLink X5000R v9.1.0cu2415B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX parameters are retrieved via UciGetStr and passed to the CsteSystem function without adequate validation or...
CVE-2025-70329
TOTOLink X5000R v9.1.0cu2415B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX parameters are retrieved via UciGetStr and passed to the CsteSystem function without adequate validation or...
PT-2026-21543
Name of the Vulnerable Software and Affected Versions TOTOLink X5000R version 9.1.0cu 2415 B20250515 Description The TOTOLink X5000R router firmware contains an OS command injection issue in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX...