2576 matches found

OSV
added 2022/06/16 3:15 p.m. | 2 views

CVE-2022-30023

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function...

8.8 CVSS | 7.6 AI score | 0.26249 EPSS
Exploits: 2 | References: 3

Prion
added 2022/06/16 3:15 p.m. | 32 views

Command injection

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function...

9 CVSS | 8.9 AI score | 0.26249 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2022/06/16 2:28 p.m. | 22 views

CVE-2022-30023

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function...

9.2 AI score | 0.26249 EPSS
Exploits: 2 | References: 3

CVE
added 2022/06/16 2:28 p.m. | 236 views

CVE-2022-30023

The CVE-2022-30023 issue affects Tenda ONT GPON AC1200 Dual Band WiFi HG9 (firmware v1.0.1). It is a command-injection vulnerability exploitable via the Ping function, enabling remote code execution with network access and high impact on confidentiality, integrity, and availability (as reflected ...

9 CVSS | 9.2 AI score | 0.26249 EPSS
In wild | Exploits: 2 | References: 3 | Affected Software: 1

Positive Technologies
added 2022/06/16 12:0 a.m. | 5 views

PT-2022-19976

Name of the Vulnerable Software and Affected Versions Tenda ONT GPON AC1200 Dual band WiFi HG9 version 1.0.1 Description The issue is related to Command Injection via the Ping function. Recommendations For Tenda ONT GPON AC1200 Dual band WiFi HG9 version 1.0.1, consider disabling the Ping functio...

9 CVSS | 9.7 AI score | 0.26249 EPSS
Exploits: 2 | References: 10

CNNVD
added 2022/06/16 12:0 a.m. | 3 views

Tenda AC1200 operating system command injection vulnerability

The Tenda AC1200 is a wireless router from Tenda China. The Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 version suffers from an operating system command injection vulnerability, which can be exploited by an attacker to conduct a command injection attack via the Ping function...

9 CVSS | 8.6 AI score | 0.26249 EPSS
Exploits: 2 | References: 5

RedHat Linux
added 2022/06/06 3:54 p.m. | 1 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

7.5 CVSS | 7.3 AI score | 0.00606 EPSS
Exploits: 0 | References: 4

Kitploit
added 2022/06/05 9:30 p.m. | 25 views

Puwr - SSH Pivoting Script For Expanding Attack Surfaces On Local Networks

Easily expand your attack surface on a local network by discovering more hosts, via SSH. Using a machine running an SSH service, Puwr uses a given subnet range to scope out IPs, sending back any successful ping requests it has. This can be used to expand out an attack surface on a local network, ...

7.1 AI score
Exploits: 0 | References: 1

ATTACKERKB
added 2022/06/02 2:15 p.m. | 2 views

CVE-2022-30425

Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request...

9 CVSS | 7.4 AI score | 0.18925 EPSS
Exploits: 2 | References: 4

OSV
added 2022/06/02 2:15 p.m. | 2 views

CVE-2022-30425

Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request...

8.8 CVSS | 7.4 AI score
Exploits: 0 | References: 3

OSV
added 2022/05/31 1:12 p.m. | 6 views

MAL-2022-625 Malicious code in @techops-ui/ping-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a749343c0f3bd880d49d9a576f5a3444ea3c61994a7d87d8f4f0f3fda0db14a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2022/05/31 1:12 p.m. | 2 views

Malicious code in @techops-ui/ping-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a749343c0f3bd880d49d9a576f5a3444ea3c61994a7d87d8f4f0f3fda0db14a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1

Github Security Blog
added 2022/05/24 4:53 p.m. | 32 views

golang.org/x/net/http vulnerable to ping floods

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

7.8 CVSS | 7.7 AI score | 0.50822 EPSS
Exploits: 1 | References: 72 | Affected Software: 1

OSV
added 2022/05/24 4:53 p.m. | 35 views

GHSA-HGR8-6H9X-F7Q9 golang.org/x/net/http vulnerable to ping floods

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

7.5 CVSS | 7 AI score | 0.50822 EPSS
Exploits: 1 | References: 71

GitLab Advisory Database
added 2022/05/24 12:0 a.m. | 31 views

Uncontrolled Resource Consumption

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

7.8 CVSS | 3.5 AI score | 0.50822 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

GitLab Advisory Database
added 2022/05/24 12:0 a.m. | 31 views

Uncontrolled Resource Consumption

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

7.8 CVSS | 3.5 AI score | 0.50822 EPSS
Exploits: 1 | References: 72 | Affected Software: 1

NVD
added 2022/05/23 6:16 p.m. | 8 views

CVE-2022-28944

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...

8.8 CVSS | 0.10874 EPSS
Exploits: 2 | References: 3

Prion
added 2022/05/23 6:16 p.m. | 16 views

Remote code execution

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...

6.8 CVSS | 9.2 AI score | 0.10874 EPSS
Exploits: 2 | References: 3 | Affected Software: 8

Rockylinux
added 2022/05/17 7:18 a.m. | 10 views

new packages: perl-Net-Ping

An update is available for perl-Net-Ping. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

2.2 AI score
Exploits: 0

RedhatCVE
added 2022/05/14 11:32 a.m. | 57 views

CVE-2019-9512

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8 CVSS | 2.2 AI score | 0.50822 EPSS
Exploits: 1 | References: 8