
2576 matches found

CNNVD
added 2021/11/30 12:0 a.m., 2 views

Victure WR1200 OS Command Injection Vulnerability

The Victure WR1200 is a router. A security vulnerability exists in the Victure WR1200 1.0.3 and prior versions, which stems from a lack of command filtering and restriction in the device's web interface, resulting in a command injection vulnerability that could be exploited by an attacker to inje...

CVSS 9, AI score 7.3, EPSS 0.06596
Exploits 3, References 3
CNVD
added 2021/11/16 12:0 a.m., 287 views

Tp-link TL-WR840N Code Injection Vulnerability

Tp-link TL-WR840N is a wireless router from Tp-link China. The Tp-link TL-WR840N EU v5 router with firmware TL-WR840NEU v5 171211 and previous versions has a security vulnerability: the PING function in the device lacks filtering and escaping for data submitted as the IP address and is vulnerable to remote...

CVSS 10, AI score 3.5, EPSS 0.91914
Exploits 1, References 1
CNNVD
added 2021/11/15 12:0 a.m., 3 views

Lantronix PremierWave 2050 OS Command Injection Vulnerability

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 in version 8.9.0.0R4 is vulnerable to OS command injection, which stems from a Web Manager Diagnostics:Ping feature that fails to properly filter special characters, commands,...

CVSS 9.9, AI score 6, EPSS 0.0605
Exploits 1, References 3
Talos
added 2021/11/15 12:0 a.m., 26 views

Lantronix PremierWave 2050 Web Manager Ping stack-based buffer overflow vulnerability

Summary: A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.9, AI score 9.7, EPSS 0.04489
Exploits 1
NVD
added 2021/11/13 3:15 p.m., 15 views

CVE-2021-41653

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a crafted payload in an IP address input field...

CVSS 10, EPSS 0.91914
Exploits 1, References 3
CNNVD
added 2021/11/13 12:0 a.m., 2 views

Tp-link TL-WR840N Code Injection Vulnerability

Tp-link TL-WR840N is a wireless router from Tp-link China. The Tp-link TL-WR840N EU v5 router with firmware TL-WR840NEU v5 171211 and previous versions has a security vulnerability: the PING function in the device lacks filtering and escaping for data submitted as the IP address and is vulnerable to remote...

CVSS 10, AI score 6.5, EPSS 0.91914
Exploits 1, References 5
OSV
added 2021/11/10 12:15 p.m., 1 views

CVE-2021-39474

Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device...

CVSS 7.2, AI score 5.9
Exploits 0, References 2
CNNVD
added 2021/11/10 12:0 a.m., 3 views

Connect Box EuroDOCSIS 3.0 Voice Gateway OS Command Injection Vulnerability

The Connect Box EuroDOCSIS 3.0 Voice Gateway is a home voice gateway device. An operating system command injection vulnerability exists in Connect Box EuroDOCSIS 3.0 Voice Gateway that allows an attacker with privileges and network access to execute commands on the device via the ping.cmd compone...

CVSS 9, AI score 7.7, EPSS 0.02453
Exploits 1, References 3
OSV
added 2021/10/19 1:15 p.m., 1 views

CVE-2021-38470

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...

CVSS 9.1, AI score 7.3
Exploits 0, References 1
Prion
added 2021/10/19 1:15 p.m., 9 views

Command injection

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...

CVSS 6.5, AI score 9.2, EPSS 0.0037
Exploits 0, References 1, Affected Software 1
CNVD
added 2021/10/09 12:0 a.m., 24 views

Wire has unspecified vulnerabilities (CNVD-2022-10740)

Wire is a chat software from a personal developer. The software supports Web, Windows, iOS, Android, and OS X platforms, has group functionality, the ability to make voice calls, send photos, and its ingenious way of saying hello, PING. Wire has a security vulnerability that allows users of Wire by...

CVSS 4.6, AI score 2.1, EPSS 0.00037
Exploits 0, References 1
CNNVD
added 2021/10/07 12:0 a.m., 2 views

Ping Identity PingFederate Code Issue Vulnerability

Ping Identity PingFederate is a flagship software-based federation server in the United States, used for identity management. A security vulnerability exists in Ping Identity PingFederate that stems from improper handling of pre-parsed validation, resulting in an XXE attack that can enable XML fi...

CVSS 7.5, AI score 7.3, EPSS 0.0028
Exploits 0, References 2
OSV
added 2021/09/27 5:15 p.m., 3 views

CVE-2021-40329

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...

CVSS 9.8, AI score 5.8
Exploits 0, References 1
Prion
added 2021/09/27 5:15 p.m., 12 views

Authentication flaw

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...

CVSS 7.5, AI score 9.5, EPSS 0.00404
Exploits 0, References 1, Affected Software 1
CVE
added 2021/09/27 4:22 p.m., 39 views

CVE-2021-40329

Summary: CVE-2021-40329 affects Ping Identity PingFederate’s Authentication API prior to version 10.3, where external password management is mishandled. The vulnerability is tied to authentication handling and could impact confidentiality, integrity, and availability as reflected by the CVSS metr...

CVSS 9.8, AI score 9.5, EPSS 0.00404
Exploits 0, References 1, Affected Software 1
CNNVD
added 2021/09/27 12:0 a.m., 3 views

Ping Identity PingFederate Cryptographic Issue Vulnerability

Ping Identity PingFederate is a flagship software-based federation server in the United States, for identity management. A cryptographic issue vulnerability exists in Ping Identity PingFederate that stems from the mishandling of certain aspects of external password management by the Authenticatio...

CVSS 9.8, AI score 8.3, EPSS 0.00404
Exploits 0, References 1
CVE
added 2021/09/24 2:30 a.m., 36 views

CVE-2021-31923

Ping Identity PingAccess before 5.3.3 is affected by an HTTP request smuggling vulnerability via header manipulation. The CVE-2021-31923 entry is corroborated by multiple sources (NVD, Red Hat advisory, CVE records) indicating the issue lies in PingAccess prior to version 5.3.3. The available doc...

CVSS 5.3, AI score 5.3, EPSS 0.00221
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/09/24 2:30 a.m., 14 views

CVE-2021-31923

Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation...

AI score 5.7, EPSS 0.00221
Exploits 0, References 1
Positive Technologies
added 2021/09/20 12:0 a.m., 3 views

PT-2021-5456 · Tp Link · Tp-Link Tl-Wr840N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEU V5 171211 Description: The PING function is vulnerable to remote code execution via a crafted payload in an IP address input field. This issue is related to incorrect code...

CVSS 10, AI score 9.6, EPSS 0.91914
Exploits 1, References 18
Ivan 'd0znpp' Novikov
added 2021/08/27 6:29 a.m., 19 views

Smurf DDoS attack:❗️ How it works and how to mitigate

Attacks geared at denying users access to servers are executed in different ways. One notable approach — similar in many forms of service denials — is the use of volume. The sheer volume of requests is employed by attackers to render a particular network useless. A good representation of that is...

AI score 7.2
Exploits 0