86 matches found
Command injection
In ProLink PRC2402M V1.0.18 and older, the setsyscmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system...
Command injection
In ProLink PRC2402M V1.0.18 and older, the setledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the ledcmd parameter is passed directly to dosystem...
Design/Logic Flaw
In ProLink PRC2402M V1.0.18 and older, the setsysinit function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router...
CVE-2021-36708
In ProLink PRC2402M V1.0.18 and older, the setsysinit function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router...
CVE-2021-36708
ProLink PRC2402M routers (firmware v1.0.18 and earlier) are affected by CVE-2021-36708 due to a flaw in the set_sys_init function of login.cgi. This allows an attacker to reset the admin password on the router’s administrative interface. The connected documents confirm the vulnerable component an...
CVE-2021-36707
ProLink PRC2402M routers (V1.0.18 and older) are affected by a command-injection in the set_ledonoff function of the adm.cgi binary. The ledonoff page parameter triggers a vulnerability where the led_cmd parameter value is passed directly to do_system, enabling arbitrary command execution. Affect...
CVE-2021-36707
In ProLink PRC2402M V1.0.18 and older, the setledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the ledcmd parameter is passed directly to dosystem...
CVE-2021-36706
In ProLink PRC2402M V1.0.18 and older, the setsyscmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system...
CVE-2021-36706
ProLink PRC2402M routers (version 1.0.18 and earlier) contain a command injection vulnerability in the adm.cgi page handler set_sys_cmd. The vulnerability is triggered by a sysCMD parameter value that is passed directly to the system() call, allowing an attacker to execute arbitrary commands. Pub...
CVE-2021-36705
In ProLink PRC2402M V1.0.18 and older, the setTR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069localport parameter is passed directly to system...
CVE-2021-36705
CVE-2021-36705 affects ProLink PRC2402M (V1.0.18 and older). The vulnerability is in the set_TR069 function of the adm.cgi binary, where the TR069 parameter TR069_local_port is passed directly to system, enabling a command injection. This is a network-accessible issue with high impact as describe...
ProLink PRC2402M 授权问题漏洞
ProLink PRC2402M is a router from ProLink Singapore. An information disclosure vulnerability exists in the setsysinit function in the login.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to reset the password in the administrator interfac...
ProLink PRC2402M 命令注入漏洞
ProLink PRC2402M is a router from ProLink Singapore. A command injection vulnerability exists in the setTR069 function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to cause command injection by passing the TR069localport...
ProLink PRC2402M 命令注入漏洞
ProLink PRC2402M is a router from ProLink Singapore. A command injection vulnerability exists in the setsyscmd function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker could exploit this vulnerability to cause command injection by passing the command paramete...
ProLink PRC2402M 命令注入漏洞
ProLink PRC2402M is a router from ProLink Singapore. A command injection vulnerability exists in the setledonoff function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to cause command injection by passing the ledcmd parameter...
prolink-usa.com XSS vulnerability
Vulnerable URL: http://www.prolink-usa.com/productDetail.php?productname=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2350953 Google...
PROLiNK H5004NK Backdoor Accounts / RBAC Failure / CSRF
Exploit Title: PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: No process to handle vuln reports Vendor Homepage: http://www.prolink2u.com/newtemp/datacom/adsl-modem-router/381-h5004nk.html Version Affected:...
PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Exploit Title: PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: No process to handle vuln reports Vendor Homepage:...
PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities
PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities Exploit Title: PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: No process to handle vuln reports Vendor Homepage:...
PROLiNK H5004NK Cross Site Request Forgery
Exploit Title: PROLiNK H5004NK Multiple Vulnerabilities Date: 16-04-2015 Firmware: R76S Slt 4WNE1 6.1R Tested on: Windows 8 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Disclaimer: Use this for educational purposes only! 1| Admin Password Manipulation XSRF...