97 matches found
CVE-2024-5947
The CVE-2024-5947 issue affects Deep Sea Electronics DSE855. It arises from a missing authentication flow in the web UI that allows access to the configuration backup (Backup.bin), enabling network-adjacent attackers to disclose stored credentials. The flaw is exploitable without authentication v...
CVE-2024-5948 Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploi...
CVE-2024-5242
CVE-2024-5242 affects TP-Link Omada ER605 routers. The vulnerability is a stack-based buffer overflow in the DDNS handling path (UpdateSvr1/CMDDNS) caused by improper validation of attacker-controlled data length before copying into a fixed-size stack buffer, enabling remote code execution as roo...
CVE-2023-44424
CVE-2023-44424 affects D-Link DIR-X3260 routers. A flaw in prog.cgi handling HNAP requests on the lighttpd web server (ports 80/443) allows command injection via an unsafely used user-supplied string, enabling code execution as root. Attack path requires network adjacency and bypasses authenticat...
CVE-2023-37310 D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35753
CVE-2023-35753 concerns D-Link DAP-2622. The DDP Set AG profile UUID component has a stack-based buffer overflow due to improper validation of user-supplied data length, enabling remote code execution with root privileges on routers. The vulnerability is exploitable by network-adjacent attackers ...
CVE-2023-35742 D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit...
CVE-2023-35743
CVE-2023-35743 concerns the D-Link DAP-2622 DDP service. The flaw is a stack-based buffer overflow caused by insufficient validation of the length of user-supplied data before copying into a fixed-size stack buffer, enabling remote code execution in the context of root. The vulnerability permits ...
CVE-2023-35730
The CVE-2023-35730 entry concerns D-Link DAP-2622 firmware vulnerability in the DDP service. A stack-based buffer overflow caused by improper validation of user-supplied data length can allow a network-adjacent attacker with no authentication to execute arbitrary code with root privileges. Docume...
CVE-2023-35725 D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-34281
D‑Link DIR‑2150 is affected by CVE‑2023‑34281 due to a GetFirmwareStatus target command injection in the SOAP API interface (listening on TCP/80). The flaw lacks proper validation of a user‑supplied string that is used to execute a system call, enabling an attacker to run arbitrary code with root...
CVE-2023-32145
Consolidated view of CVE-2023-32145: D-Link DAP-1360 devices are affected by a hardcoded credentials authentication bypass in the web UI login handling. This enables network-adjacent attackers to bypass authentication without user interaction. The vulnerability scores high (CVSSv3.1: AV=A, AC:L, ...
CVE-2024-32051
CVE-2024-32051 affects RoamWiFi R10 prior to firmware version 4.8.45. The issue is the insertion of sensitive information into log files due to a vulnerability in the device’s logging behavior. Attackers with network-adjacent access and no authentication could potentially obtain sensitive informa...
CVE-2024-30220
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this...
CVE-2024-30381
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The...
CVE-2024-25579
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B"...
CVE-2024-21833
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...
CVE-2024-21821
Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands...
(0Day) BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the...
D-Link DAP-2622 DDP Configuration Restore Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation ...