ESP-IDF 安全漏洞

ESP-IDF is an Espressif open source development framework for Espressif SoCs supported on Windows, Linux and macOS. A security vulnerability exists in ESP-IDF version v.5.1, which stems from the presence of a buffer overflow vulnerability that could allow a remote attacker to obtain sensitive...

CVE-2024-9786

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has...

CVE-2024-9782

A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely...

CVE-2024-9557

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The...

CVE-2024-9514

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely...

Backdoor.Win32.Prorat.jz MVID-2024-0699 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/277f9a4db328476300c4da5f680902ea.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Prorat.jz Vulnerability: Remote Stack Buffer Overflow SEH Description: The RAT...

CVE-2024-8579

A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The...

D-Link多款产品 安全漏洞

D-Link DNS Series and D-Link DNR Series are both products of China-based D-Link Corporation.D-Link DNS Series is a series of NAS network storage devices.D-Link DNR Series is a series of network video recorders. A security vulnerability exists in several D-Link products. The vulnerability stems fr...

CVE-2024-7463

CVE-2024-7463 affects TOTOLINK CP900 (v6.3c.566). The vulnerability is in the UploadCustomModule function of /cgi-bin/cstecgi.cgi, where unsafely handling the File parameter leads to a buffer overflow. This allows remote exploitation and could enable arbitrary code execution or device compromise....

CVE-2024-7336

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument httphost leads to buffer overflow. The attack can be launched remotely. The exploit...

CVE-2024-7212

A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The...

PT-2024-38172 · Totolink · Totolink A7000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R version 9.1.0u.6268 B20220504 Description: A critical issue has been found in the function loginauth of the file /cgi-bin/cstecgi.cgi, where the manipulation of the password argument leads to buffer overflow. The attack can be...

CVE-2024-7185

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The...

CVE-2024-7185

The CVE-2024-7185 entry concerns TOTOLINK A3600R (v4.1.2cu.5182_B20201102). The vulnerability lies in the function setWebWlanIdx within /cgi-bin/cstecgi.cgi; manipulating the webWlanIdx argument causes a buffer overflow. Attack vector is NETWORK with low complexity and no privileges beyond LOW, p...

CVE-2024-7177

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The...

CVE-2024-7173

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password/httphost leads to buffer overflow. The attack may be launched...

PT-2024-38135 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found in the loginauth function of the /cgi-bin/cstecgi.cgi file. The manipulation of the password and http host arguments leads to a buffer overflow. This...

PT-2024-5478 · Totolink · Totolink N350Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N350RT version 9.3.5u.6139 B20201216 Description: A critical issue affects the setParentalRules function of the /cgi-bin/cstecgi.cgi file, causing a buffer overflow when the week, sTime, and eTime parameters are manipulated. This can...

The vulnerability of the fromNatlimit function in Tenda W30E microprogrammable router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the fromNatlimit function in the Tenda W30E router’s microprogramming system is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...

PT-2024-3133 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.34.09 Description: A critical issue affects the function R7WebsSecurityHandler of the file /goform/execCommand, leading to a stack-based buffer overflow when the password argument is manipulated. This can be exploited...