6 matches found
CVE-2025-59886
The CVE-2025-59886 issue affects Eaton xComfort ECI, specifically improper input validation at a web interface endpoint. This could allow a network-adjacent attacker to execute privileged commands on the device. Multiple sources corroborate a high-severity impact (CVSS 3.1: Network access, Privil...
CVE-2024-8132
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This...
CVE-2024-4964
UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated...
CVE-2024-4965
The CVE-2024-4965 issue is a remote OS command injection in D-Link DAR-7000-40 (V31R02B1413C) triggered by manipulating the load parameter in /useratte/resmanage.php. Affected product: D-Link DAR-7000-40 (and possibly DAR-7000/DAR-8000 per PT-2024-3650). Root cause: lack of input neutralization i...
CVE-2024-0769 D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input...
Out-of-bounds
UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument fileupload leads to unrestricted upload. The attack can be initiat...