123 matches found
CVE-2024-10194
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Gotochidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...
CVE-2024-10194
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Gotochidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...
CVE-2024-10194
CVE-2024-10194 affects WAVLINK WN530H4, WN530HG4 and WN572HG3 (up to 20221028). The issue is in the Front-End Authentication Page, specifically the function Goto_chidx in the file login.cgi . Manipulating the argument wlanUrl causes a stack-based buffer overflow. Exploitation is possible only wit...
Supermicro Onboard IPMI CGI Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Supermicro Onboard IPMI CGI Vulnerability Scanner', 'Description' = %q This module checks for known vulnerabilities in the CGI...
PT-2024-10139 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 versions M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can ma...
PT-2024-10141 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an...
D-Link DSL-2750B Devices Command Injection Vulnerability
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter...
CVE-2023-30806
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...
CVE-2023-43199
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...
CVE-2023-43199
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...
CVE-2023-43199
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...
CVE-2023-43199
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...
D-Link Di-7200G Buffer Error Vulnerability
The D-Link Di-7200G is a Gigabit enterprise router from China-based AUO D-Link. A security vulnerability exists in the D-Link DI-7000G, which originates from a stack overflow that can be caused by manipulating the prev parameter in the H5/login.cgi function...
CVE-2023-43199
D-Link DI-7200GV2.E1 (v21.04.09E1) is affected by a stack overflow in the H5/login.cgi function triggered via the prev parameter. This issue can lead to a denial of service. Public details across sources consistently describe the vulnerability as a stack overflow in the login.cgi path. A practica...
PT-2023-9807 · Draytek · Draytek Vigor 2925 +1
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2620 versions prior to 3.9.8.4 DrayTek Vigor2925 versions prior to 3.9.8.4 Description: The issue is related to the user login.cgi script in the web interface of DrayTek Vigor router firmware, which is associated with incorrect...
PT-2023-5326 · D Link · Di-7200Gv2.E1
Name of the Vulnerable Software and Affected Versions: D-Link device DI-7200GV2.E1 version 21.04.09E1 Description: The issue is related to a stack overflow in the H5/login.cgi function, specifically via the prev parameter. This can be exploited by a remote attacker to cause a denial of service...
The vulnerability of the D-Link DSL-2750B router’s microprogramming software lies in the lack of measures taken to clean data at the control level, allowing attackers to execute arbitrary commands.
The vulnerability of the D-Link DSL-2750B router’s microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the login.cgi parameter...
CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022...
Command injection
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022...
CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022...