123 matches found

Cvelist
added 2023/05/12 12:31 p.m., 20 views

CVE-2023-2682 Caton Live Mini_HTTPD ping.cgi command injection

A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component MiniHTTPD. The manipulation of the argument address with the input ;id;uname$IFS-a leads to command injection. The attack...

CVSS 6.5, AI score 10, EPSS 0.01948
Exploits 0, References 2

SUSE CVE
added 2023/02/15 4:36 a.m., 2 views

SUSE CVE-2017-17663

The htpasswd implementation of minihttpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution...

CVSS 9.8, AI score 8, EPSS 0.02453
Exploits 0, References 2

NVD
added 2022/01/25 4:15 p.m., 18 views

CVE-2021-34865

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the minihttpd service, which listens on TCP port 80 by default. The...

CVSS 8.8, EPSS 0.03075
Exploits 0, References 2

Prion
added 2022/01/25 4:15 p.m., 19 views

Authentication flaw

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the minihttpd service, which listens on TCP port 80 by default. The...

CVSS 8.3, AI score 9.2, EPSS 0.03075
Exploits 0, References 2, Affected Software 17

CVE
added 2022/01/25 3:30 p.m., 64 views

CVE-2021-34865

CVE-2021-34865 affects NETGEAR routers running the mini_httpd service on port 80. The root cause is incorrect string matching logic when accessing protected pages, allowing network-adjacent attackers to bypass authentication and escalate to root-level arbitrary code execution. Affected software i...

CVSS 8.8, AI score 9.2, EPSS 0.03075
Exploits 0, References 2, Affected Software 1

Zero Day Initiative
added 2021/08/30 12:0 a.m., 63 views

NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the minihttpd service, which listens on TCP port 80 by default. The...

CVSS 8.8, AI score 2.8, EPSS 0.03075
Exploits 0, References 1

CNNVD
added 2021/08/30 12:0 a.m., 5 views

NETGEAR Authorization Issue Vulnerability

Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between networks. An authorization issue vulnerability exists in multiple NETGEAR router devices, which stems from the minihttpd service in the product not...

CVSS 8.8, AI score 8.1, EPSS 0.03075
Exploits 0, References 4

seebug.org
added 2021/07/12 12:0 a.m., 219 views

NETGEAR WAC104 Authentication Bypass Vulnerability (CVE-2021-35973)

Summary: Affected Model: NETGEAR WAC104 Dual Band 802.11ac Wireless Access Point. Firmware Version: V1.0.4.13 from 2020-09-14. NETGEAR WAC104 Access Point has multiple vulnerabilities which, chained together, allow an attacker in LAN to both change device admin's password and gain root shell on...

CVSS 10, AI score 10, EPSS 0.03064
Exploits 2

Prion
added 2021/06/30 3:15 p.m., 22 views

Authentication flaw

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/minihttpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows th...

CVSS 10, AI score 9.2, EPSS 0.08656
Exploits 2, References 2, Affected Software 1

CVE
added 2021/06/30 2:41 p.m., 83 views

CVE-2021-35973

The CVE-2021-35973 entry describes an authentication bypass in NETGEAR WAC104 devices (pre-1.0.4.15) via the mini_httpd component. Exploitation allows unauthenticated attackers to invoke actions by injecting the substring currentsetting.htm into HTTP queries, enabling password changes for the web...

CVSS 10, AI score 9.1, EPSS 0.03064
Exploits 2, References 2, Affected Software 1

Cvelist
added 2021/06/30 2:41 p.m., 35 views

CVE-2021-35973

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/minihttpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows th...

CVSS 9.8, AI score 9.5, EPSS 0.03064
Exploits 2, References 2

OSV
added 2021/03/15 10:32 p.m., 2 views

USN-4848-1 mini-httpd vulnerability

It was discovered that ACME minihttpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files...

CVSS 6.5, AI score 7.4, EPSS 0.74036
Exploits 0, References 2

NVD
added 2021/02/12 12:15 a.m., 19 views

CVE-2020-27866

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this...

CVSS 8.8, EPSS 0.08656
Exploits 0, References 2

NVD
added 2021/02/12 12:15 a.m., 13 views

CVE-2020-27867

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit...

CVSS 7.7, EPSS 0.02344
Exploits 0, References 2

OSV
added 2021/02/12 12:15 a.m., 3 views

CVE-2020-27867

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit...

CVSS 6.8, AI score 7, EPSS 0.02344
Exploits 0, References 2

Prion
added 2021/02/12 12:15 a.m., 18 views

Authentication flaw

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this...

CVSS 8.3, AI score 8.9, EPSS 0.08656
Exploits 0, References 2, Affected Software 19

Prion
added 2021/02/12 12:15 a.m., 21 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit...

CVSS 7.7, AI score 6.9, EPSS 0.02344
Exploits 0, References 2, Affected Software 19

CVE
added 2021/02/11 11:35 p.m., 75 views

CVE-2020-27867

CVE-2020-27867 affects NETGEAR routers (including R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100/AC2400) via a vulnerability in the mini_httpd service. The flaw arises when parsing the funjsq_access_token parameter, where insufficient validat...

CVSS 7.7, AI score 6.9, EPSS 0.02344
In wild, Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/02/11 11:35 p.m., 19 views

CVE-2020-27867

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit...

CVSS 6.8, AI score 6.9, EPSS 0.02344
Exploits 0, References 2

Cvelist
added 2021/02/11 11:35 p.m., 27 views

CVE-2020-27866

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this...

CVSS 8.8, AI score 9, EPSS 0.08656
Exploits 0, References 2