Lucene search
K

1992 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40598

Name of the Vulnerable Software and Affected Versions ELECOM wireless LAN access point devices affected versions not specified Description An OS command injection exists in the processing of the username parameter. This allows an unauthenticated attacker to execute arbitrary OS commands by sendin...

9.8CVSS7.5AI score0.01633EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40596

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping ip addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...

8.6CVSS7.2AI score0.01308EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40593

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...

6.9CVSS6.6AI score0.00124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.19 views

PT-2026-40600

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.13 views

EUVD-2026-29739

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.11 views

EUVD-2026-29734

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.10 views

EUVD-2026-29737

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...

7.2CVSS6.1AI score0.00616EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.12 views

EUVD-2026-29736

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlyin...

7.2CVSS6.1AI score0.00555EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.10 views

EUVD-2026-29738

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 7:16 p.m.9 views

CVE-2026-23822

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

5.3CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 7:16 p.m.9 views

CVE-2026-23819

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

8.8CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:38 p.m.18 views

CVE-2026-23823

Summary: CVE-2026-23823 describes a vulnerability in the command line interface of Access Points running AOS-10, enabling an authenticated remote attacker to perform command injection and potentially execute arbitrary commands on the underlying operating system. Affected products/versions: Access...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:37 p.m.9 views

CVE-2026-23822 Unauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of Service

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 6:35 p.m.31 views

CVE-2026-23821 Inconsistent input filtering allows Authenticated Command Injection in AOS-10 CLI

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...

7.2CVSS0.00616EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:35 p.m.7 views

CVE-2026-23821 Inconsistent input filtering allows Authenticated Command Injection in AOS-10 CLI

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...

7.2CVSS6.1AI score0.00616EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:31 p.m.23 views

CVE-2026-23819

CVE-2026-23819 affects Access Points running AOS-10 and AOS-8 Instant, targeting the web-based management interface. The vulnerability arises from SSID processing in the web UI, enabling an unauthenticated remote attacker to inject and execute arbitrary JavaScript in a victim’s browser within the...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:31 p.m.9 views

CVE-2026-23819 Error in SSID Processing allows Stored XSS in Web Management Interface

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 6:31 p.m.32 views

CVE-2026-23819 Error in SSID Processing allows Stored XSS in Web Management Interface

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

8.8CVSS0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40340

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40336

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References2
Rows per page
Query Builder