Lucene search
K

97 matches found

Vulnrichment
Vulnrichment
added 2023/07/13 2:59 a.m.18 views

CVE-2023-37563

ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S...

6.3AI score0.00291EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2023/03/31 12:0 a.m.82 views

TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of firmware images. The issue results from the lack of prop...

8.8CVSS7.1AI score0.00712EPSS
Exploits0References1
Prion
Prion
added 2023/03/29 7:15 p.m.17 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue...

5.8CVSS8.8AI score0.00962EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/03/29 7:15 p.m.14 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

4.7CVSS6.9AI score0.01085EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.4 views

PT-2023-8670 · Bluez +9 · Bluez +9

Name of the Vulnerable Software and Affected Versions: BlueZ affected versions not specified Description: The issue is related to the improper validation of array indexes in the AVRCP protocol handling of BlueZ, which can result in a write past the end of an allocated buffer. This allows...

9.1CVSS8.4AI score0.07879EPSS
Exploits10References143
Prion
Prion
added 2023/01/26 6:59 p.m.19 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on...

5.8CVSS8.9AI score0.00968EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/01/26 6:59 p.m.24 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue...

5.8CVSS8.9AI score0.00623EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/01/13 10:15 p.m.15 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.781.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAPLOGINTOKEN...

8.3CVSS8.8AI score0.01372EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/01/13 10:15 p.m.17 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.781.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigg...

8.3CVSS8.9AI score0.0152EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/10/25 5:15 p.m.14 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webpr...

5.8CVSS8.8AI score0.00794EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/07/07 8:15 a.m.13 views

Command injection

WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors...

5.8CVSS8.8AI score0.00512EPSS
Exploits0References2
Prion
Prion
added 2021/04/14 4:15 p.m.19 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

8.3CVSS8.8AI score0.01127EPSS
Exploits0References2Affected Software43
Prion
Prion
added 2021/04/14 4:15 p.m.23 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoin...

7.9CVSS8.1AI score0.06598EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/04/14 4:15 p.m.17 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...

8.3CVSS8.8AI score0.026EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/07/28 6:15 p.m.4 views

CVE-2020-15417

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted...

6.3CVSS7AI score0.01285EPSS
Exploits0References1
Prion
Prion
added 2020/07/28 6:15 p.m.28 views

Stack overflow

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

8.3CVSS8.8AI score0.87343EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2020/07/28 6:15 p.m.16 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from th...

3.3CVSS6.3AI score0.00916EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder