104 matches found
CVE-2025-12387
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...
CVE-2025-12386
Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2025-12386
Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2025-12387 Denial of Service in Pix-Link LV-WR21Q
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...
EUVD-2025-206410
Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2025-12386 Missing Authentication for Critical Endpoint in Pix-Link LV-WR21Q
Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2025-12386 Missing Authentication for Critical Endpoint in Pix-Link LV-WR21Q
Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2025-12386
Pix-Link LV-WR21Q is vulnerable to an unauthenticated access issue at endpoint /goform/getHomePageInfo. The vulnerability allows remote attackers with network access to retrieve sensitive data (cleartext passwords) due to lack of authentication. Only version V108_108 has been tested and confirmed...
PT-2026-4912
Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...
Pix-Link LV-WR21Q code issue and vulnerability
The Pix-Link LV-WR21Q is a wireless router produced by the Chinese company Pix-Link. The Pix-Link LV-WR21Q has a code vulnerability, which stems from improper handling of the language module. This vulnerability could allow remote attackers to trigger a denial-of-service attack through a specially...
@dativa-lv/lx-ui (>=2.0.0 <=2.1.7), @wntr/lx-ui (>=1.5.0 <=1.11.1) +3 more potentially affected by unknown CVE via avvvatars-vue (>=1.1.0 <=1.1.1)
avvvatars-vue NPM version =1.1.0, =2.0.0, =1.5.0, =0.10.0, =0.10.0, =0.10.0, =0.13.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191067...
EUVD-2003-0184
Malware in sbrugna...
Malicious code in @zalastax/nolb-lion-lv (npm)
The package @zalastax/nolb-lion-lv was found to contain malicious code...
MAL-2025-12237 Malicious code in @zalastax/nolb-lion-lv (npm)
The package @zalastax/nolb-lion-lv was found to contain malicious code...
CVE-2020-24104
XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter...
CVE-2024-46280
PIX-LINK LV-WR22 RE3002-P1-01V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them...
CVE-2024-46280
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is affected by Improper Access Control due to TELNET being enabled with root-level credentials that cannot be changed. The issue is documented across multiple sources (NVD/Red Hat/CVE listings) with a CVSS v3.1 base score of 8.8 (High) and adjacent attack vect...
PIX-LINK LV-WR22 安全漏洞
The PIX-LINK LV-WR22 is a wireless repeater from PIX-LINK. A security vulnerability exists in the PIX-LINK LV-WR22 RE3002-P1-01V117.0 version, which stems from vulnerability to improper access control attacks...
CVE-2024-46280
PIX-LINK LV-WR22 RE3002-P1-01V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them...
CVE-2024-46280
PIX-LINK LV-WR22 RE3002-P1-01V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them...