Lucene search
K

123 matches found

NVD
NVD
added 2024/10/20 8:15 a.m.31 views

CVE-2024-10194

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Gotochidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...

8.8CVSS0.01124EPSS
Exploits1References4
OSV
OSV
added 2024/10/20 8:15 a.m.5 views

CVE-2024-10194

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Gotochidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...

8.8CVSS6.1AI score0.01124EPSS
Exploits1References4
CVE
CVE
added 2024/10/20 8:0 a.m.54 views

CVE-2024-10194

CVE-2024-10194 affects WAVLINK WN530H4, WN530HG4 and WN572HG3 (up to 20221028). The issue is in the Front-End Authentication Page, specifically the function Goto_chidx in the file login.cgi . Manipulating the argument wlanUrl causes a stack-based buffer overflow. Exploitation is possible only wit...

8.8CVSS8.8AI score0.01124EPSS
Exploits1References4Affected Software1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.412 views

Supermicro Onboard IPMI CGI Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Supermicro Onboard IPMI CGI Vulnerability Scanner', 'Description' = %q This module checks for known vulnerabilities in the CGI...

10CVSS7AI score0.71929EPSS
Exploits10
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.7 views

PT-2024-10139 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 versions M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can ma...

10CVSS8.4AI score0.08168EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.5 views

PT-2024-10141 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an...

10CVSS9.8AI score0.17378EPSS
Exploits1References8
CISA KEV Catalog
CISA KEV Catalog
added 2024/01/08 12:0 a.m.33 views

D-Link DSL-2750B Devices Command Injection Vulnerability

D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter...

9.8CVSS8AI score0.6043EPSS
In wildExploits1
OSV
OSV
added 2023/10/10 3:15 p.m.4 views

CVE-2023-30806

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

9.8CVSS6.1AI score0.65799EPSS
Exploits1References3
OSV
OSV
added 2023/09/20 2:15 p.m.5 views

CVE-2023-43199

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...

9.8CVSS5.8AI score0.00766EPSS
Exploits1References1
NVD
NVD
added 2023/09/20 2:15 p.m.10 views

CVE-2023-43199

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...

9.8CVSS9.7AI score0.00766EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/09/20 12:0 a.m.10 views

CVE-2023-43199

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...

7.8AI score0.00766EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/09/20 12:0 a.m.22 views

CVE-2023-43199

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...

9.8AI score0.00766EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.4 views

D-Link Di-7200G Buffer Error Vulnerability

The D-Link Di-7200G is a Gigabit enterprise router from China-based AUO D-Link. A security vulnerability exists in the D-Link DI-7000G, which originates from a stack overflow that can be caused by manipulating the prev parameter in the H5/login.cgi function...

9.8CVSS7.2AI score0.00766EPSS
Exploits1References2
CVE
CVE
added 2023/09/20 12:0 a.m.36 views

CVE-2023-43199

D-Link DI-7200GV2.E1 (v21.04.09E1) is affected by a stack overflow in the H5/login.cgi function triggered via the prev parameter. This issue can lead to a denial of service. Public details across sources consistently describe the vulnerability as a stack overflow in the login.cgi path. A practica...

9.8CVSS9.6AI score0.00766EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.7 views

PT-2023-9807 · Draytek · Draytek Vigor 2925 +1

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2620 versions prior to 3.9.8.4 DrayTek Vigor2925 versions prior to 3.9.8.4 Description: The issue is related to the user login.cgi script in the web interface of DrayTek Vigor router firmware, which is associated with incorrect...

9.8CVSS7.8AI score0.0086EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.6 views

PT-2023-5326 · D Link · Di-7200Gv2.E1

Name of the Vulnerable Software and Affected Versions: D-Link device DI-7200GV2.E1 version 21.04.09E1 Description: The issue is related to a stack overflow in the H5/login.cgi function, specifically via the prev parameter. This can be exploited by a remote attacker to cause a denial of service...

9.8CVSS9.2AI score0.00766EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2022/11/02 12:0 a.m.7 views

The vulnerability of the D-Link DSL-2750B router’s microprogramming software lies in the lack of measures taken to clean data at the control level, allowing attackers to execute arbitrary commands.

The vulnerability of the D-Link DSL-2750B router’s microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the login.cgi parameter...

10CVSS8.3AI score0.6043EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/10/19 5:15 a.m.2 views

CVE-2016-20017

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022...

9.8CVSS5.8AI score0.6043EPSS
Exploits1References4
Prion
Prion
added 2022/10/19 5:15 a.m.27 views

Command injection

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022...

7.5CVSS8AI score0.6043EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.35 views

CVE-2016-20017

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022...

10AI score0.6043EPSS
Exploits1References3
Rows per page
Query Builder