261 matches found
CVE-2023-2573
The CVE-2023-2573 issue affects Advantech EKI-1521/1522/1524 devices up to firmware 1.21. The vulnerability is a command injection in the NTP server input field that can be triggered by authenticated users via a crafted POST request, exposing confidentiality, integrity, and availability (CVSS v3....
CVE-2023-2573 Authenticated Command Injection
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...
CVE-2023-2391
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=timezone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site...
CVE-2023-26554
An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-26553
An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-26552
An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-26551
An out-of-bounds write flaw was found in the ntp package. A remote attacker can trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
K17527: NTP vulnerability CVE-2015-7705
Security Advisory Description The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. CVE-2015-7705 Impact An attacker with the ability to spoof multiple client requests may be able to...
dnsmasq security and bug fix update
2.79-24 - Prevent endless loop in forwardquery 2120357 2.79-23 - Add IPv6 ntp-server suboptions support 2049691 2.79-22 - Prevent use after free in dhcp6norelay CVE-2022-0934...
Command injection
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the systemtimetimezone parameter at function SetNTPServerSettings...
CVE-2022-42160
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the systemtimetimezone parameter at function SetNTPServerSettings...
CVE-2022-28573
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the systemtimetimezone parameter...
CVE-2022-28573
CVE-2022-28573 concerns D-Link DIR-823-Pro firmware v1.0.2 where the vulnerable function is SetNTPserverSeting(). The issue allows an attacker to trigger a command injection via the system_time_timezone parameter, enabling arbitrary command execution. Multiple connected sources (NVD, Red Hat, CVE...
CVE-2022-25457
Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function...
CVE-2022-27000
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the hprimaryntpserver, hbackupntpserver, and htimezone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-27000
Arris TR3300 v1.0.13 is affected by a command-injection vulnerability in the time and time zone function, exploitable via h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. The issue allows arbitrary command execution and is described across multiple sources (NVD/Red Hat/CNVD/...
CVE-2022-25555
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service DoS via the ntpServer parameter...
CVE-2021-41383
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...
CVE-2021-41383
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...
CVE-2021-41383
CVE-2021-41383 affects NETGEAR R6020 router firmware 1.0.0.48. Vulnerability arises from lack of validation/filtering in setup.cgi ntp_server field, allowing an administrator to inject shell commands and execute arbitrary commands on the device. Exploitation details are not provided in the availa...