14 matches found
CVE-2026-0407
CVE-2026-0407 describes an insufficient authentication vulnerability in NETGEAR WiFi range extenders. An adjacent attacker with WiFi authentication or a connected Ethernet port can bypass authentication and access the admin panel. Documented by multiple sources (NVD, Red Hat, CNNVD, CIRCL, EUVD, ...
CVE-2023-43627
Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in...
EUVD-2023-58505
Malicious code in bioql PyPI...
PT-2024-32433 · Aiphone · Aiphone Ixg System Ixg-2C7
Name of the Vulnerable Software and Affected Versions: AIPHONE IXG SYSTEM IXG-2C7 firmware versions 2.03 and earlier; AIPHONE IXG SYSTEM IXG-2C7-L firmware versions 2.03 and earlier. Description: The issue is related to insufficiently protected credentials, which may allow a network-adjacent...
CVE-2023-32148
D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within...
Command injection
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security. This issue affects ACS100 Network Adjacent Access, ACS300 Physical Access: from 5.2.4 before 6.2.4.3...
CVE-2023-6260 Web UI OS Command Injection in Brivo ACS100, ACS300
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security. This issue affects ACS100 Network Adjacent Access, ACS300 Physical Access: from 5.2.4 before 6.2.4.3...
CVE-2023-51363
VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information...
PT-2023-9185 · D Link · D-Link Dir-2640
Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640, affected versions not specified. Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. The flaw exists within the prog.cgi file, which handl...
CVE-2023-32619
Archer C50 firmware versions prior to 'Archer C50JPV3230505' and Archer C55 firmware versions prior to 'Archer C55JPV1230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command...
PT-2023-4966 · D Link · D-Link Dap-2622
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622, affected versions not specified. Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. The specific flaw exists within the DDP service,...
PT-2023-4860 · D Link · D-Link Dap-2622
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622, affected versions not specified. Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. The specific flaw exists within the DDP service, resulti...
PT-2023-9252 · Actiontec · Actiontec Wcb6200Q
Name of the Vulnerable Software and Affected Versions: Actiontec WCB6200Q, affected versions not specified. Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. The flaw exists within the HTTP server, where a...
PT-2022-26990 · D Link · D-Link Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 1.0.9/EE. Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the Dreambox...