Lucene search
K

97 matches found

CVE
CVE
added 2024/06/13 7:40 p.m.75 views

CVE-2024-5947

The CVE-2024-5947 issue affects Deep Sea Electronics DSE855. It arises from a missing authentication flow in the web UI that allows access to the configuration backup (Backup.bin), enabling network-adjacent attackers to disclose stored credentials. The flaw is exploitable without authentication v...

6.5CVSS6.1AI score0.02418EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2024/06/13 7:40 p.m.32 views

CVE-2024-5948 Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploi...

8.8CVSS0.01108EPSS
Exploits0References1
CVE
CVE
added 2024/05/23 9:55 p.m.78 views

CVE-2024-5242

CVE-2024-5242 affects TP-Link Omada ER605 routers. The vulnerability is a stack-based buffer overflow in the DDNS handling path (UpdateSvr1/CMDDNS) caused by improper validation of attacker-controlled data length before copying into a fixed-size stack buffer, enabling remote code execution as roo...

7.5CVSS8AI score0.00791EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/03 2:13 a.m.58 views

CVE-2023-44424

CVE-2023-44424 affects D-Link DIR-X3260 routers. A flaw in prog.cgi handling HNAP requests on the lighttpd web server (ports 80/443) allows command injection via an unsafely used user-supplied string, enabling code execution as root. Attack path requires network adjacency and bypasses authenticat...

8CVSS8.4AI score0.01114EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/03 1:58 a.m.20 views

CVE-2023-37310 D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS8.8AI score0.00855EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:58 a.m.66 views

CVE-2023-35753

CVE-2023-35753 concerns D-Link DAP-2622. The DDP Set AG profile UUID component has a stack-based buffer overflow due to improper validation of user-supplied data length, enabling remote code execution with root privileges on routers. The vulnerability is exploitable by network-adjacent attackers ...

8.8CVSS9.1AI score0.00855EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/03 1:57 a.m.17 views

CVE-2023-35742 D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit...

8.8CVSS9.1AI score0.00855EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:57 a.m.89 views

CVE-2023-35743

CVE-2023-35743 concerns the D-Link DAP-2622 DDP service. The flaw is a stack-based buffer overflow caused by insufficient validation of the length of user-supplied data before copying into a fixed-size stack buffer, enabling remote code execution in the context of root. The vulnerability permits ...

8.8CVSS9AI score0.00895EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/03 1:57 a.m.64 views

CVE-2023-35730

The CVE-2023-35730 entry concerns D-Link DAP-2622 firmware vulnerability in the DDP service. A stack-based buffer overflow caused by improper validation of user-supplied data length can allow a network-adjacent attacker with no authentication to execute arbitrary code with root privileges. Docume...

8.8CVSS9.1AI score0.00855EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/05/03 1:57 a.m.43 views

CVE-2023-35725 D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.2AI score0.00855EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:57 a.m.105 views

CVE-2023-34281

D‑Link DIR‑2150 is affected by CVE‑2023‑34281 due to a GetFirmwareStatus target command injection in the SOAP API interface (listening on TCP/80). The flaw lacks proper validation of a user‑supplied string that is used to execute a system call, enabling an attacker to run arbitrary code with root...

8CVSS7.3AI score0.0176EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/03 1:56 a.m.60 views

CVE-2023-32145

Consolidated view of CVE-2023-32145: D-Link DAP-1360 devices are affected by a hardcoded credentials authentication bypass in the web UI login handling. This enables network-adjacent attackers to bypass authentication without user interaction. The vulnerability scores high (CVSSv3.1: AV=A, AC:L, ...

8.8CVSS8.9AI score0.00916EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/24 5:45 a.m.50 views

CVE-2024-32051

CVE-2024-32051 affects RoamWiFi R10 prior to firmware version 4.8.45. The issue is the insertion of sensitive information into log files due to a vulnerability in the device’s logging behavior. Attackers with network-adjacent access and no authentication could potentially obtain sensitive informa...

6.5CVSS6.3AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/15 10:44 a.m.20 views

CVE-2024-30220

Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this...

8.8CVSS7.8AI score0.01013EPSS
Exploits0References1
NVD
NVD
added 2024/04/12 3:15 p.m.16 views

CVE-2024-30381

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The...

8.4CVSS8.2AI score0.00457EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/28 11:8 p.m.32 views

CVE-2024-25579

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B"...

6.8CVSS8.1AI score0.00838EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/10 11:25 p.m.16 views

CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

7.7AI score0.01072EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/01/10 11:25 p.m.3 views

CVE-2024-21821

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands...

7.6AI score0.00446EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2023/12/21 12:0 a.m.26 views

(0Day) BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the...

7.1CVSS7.3AI score0.01563EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2023/08/25 12:0 a.m.19 views

D-Link DAP-2622 DDP Configuration Restore Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation ...

8.8CVSS7.3AI score0.00895EPSS
Exploits0References1
Rows per page
Query Builder