CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.3CVSS7.3AI score0.00675EPSS

TOTOLINK A6000R 安全漏洞

The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding network experience. A security vulnerability exists in the TOTOLINK A6000R actionpasswd function's handling of the newpasswd parameter, which can be exploite...

9.8CVSS9.2AI score0.01645EPSS

Linksys E7350 安全漏洞

The Linksys E7350 is a wireless router device from Leadsys. A security vulnerability exists in the handling of the ifname parameter by the Linksys E7350 apcliwpsgenpincode function, which can be exploited by a remote attacker to submit a special request that can be used in the application context...

5.1CVSS7.2AI score0.0074EPSS

TOTOLINK A6000R 安全漏洞

The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding networking experience. A security vulnerability exists in the handling of the opmode parameter in the TOTOLINK A6000R actionreboot function, which can be...

8CVSS7.1AI score0.01174EPSS

Linksys E7350 安全漏洞

The Linksys E7350 is a wireless router device from Leadsys. An input validation vulnerability exists in the handling of the iface parameter by the Linksys E7350 vifdisable function, which can be exploited by a remote attacker to submit a special request that can be used in the application context...

9.8CVSS7.2AI score0.01645EPSS

Linksys E7350 安全漏洞

The Linksys E7350 is a wireless router device from Leadsys. A security vulnerability exists in the handling of the devname parameter by the Linksys E7350 resetwifi function, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...

6.3CVSS7.1AI score0.00794EPSS

Linksys E7350 安全漏洞

The Linksys E7350 is a wireless router device from Leadsys. A security vulnerability exists in the handling of the ifname parameter in the Linksys E7350 apclicancelwps function, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...

CNNVD•added 2025/01/10 12:0 a.m.•5 views

NETGEAR DGN1000 访问控制错误漏洞

The NETGEAR DGN1000 is a wireless router from NETGEAR for home and small office networking. An authentication bypass vulnerability exists in the NETGEAR DGN1000 prior to version 1.1.00.48. An attacker can exploit this vulnerability to take full control of the device by sending a constructed HTTP...

9.8CVSS9.2AI score0.28986EPSS

Exploits1References5

Positive Technologies•added 2025/01/09 12:0 a.m.•6 views

PT-2025-1386 · Opsview · Opsview Monitor Agent

Name of the Vulnerable Software and Affected Versions: Opsview Monitor Agent version 6.8 Description: A problem was discovered in Opsview Monitor Agent where an unauthenticated remote attacker can call check nrpe against affected targets, specifying known NRPE plugins. In default installations,...

9.8CVSS8AI score0.0116EPSS

Exploits0References4

CVE•added 2025/01/09 12:0 a.m.•54 views

CVE-2023-28354

An issue in Opsview Monitor Agent 6.8 allows an unauthenticated remote attacker to call NRPE via check_nrpe and escape NRPE plugin execution by sending command control characters, enabling remote execution of commands on the target as NT_AUTHORITY\SYSTEM. This is documented in multiple sources (N...

9.8CVSS8.1AI score0.0116EPSS

Vulnrichment•added 2025/01/09 12:0 a.m.•4 views

CVE-2023-28354

An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call checknrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NR...

7.8AI score0.0116EPSS

CNNVD•added 2025/01/09 12:0 a.m.•2 views

Opsview Monitor Agent 安全漏洞

Opsview Monitor Agent is a monitoring platform agent program from Opsview. A security vulnerability exists in Opsview Monitor Agent version 0.3.9.700 2022-09-28 and earlier, which stems from the ability of an unauthenticated remote attacker to invoke the checknrpe specified plug-in, which allows...

9.8CVSS7.4AI score0.0116EPSS

Exploits0References2

Positive Technologies•added 2025/01/09 12:0 a.m.•4 views

PT-2025-3384 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version V9.1.0cu.2350 B20230313 Description: The issue is related to the setVpnAccountCfg function, specifically the /web/cgi-bin/cstecgi.cgi endpoint, where the desc parameter is not properly sanitized, allowing an attacker t...

10CVSS9.6AI score0.01573EPSS

Exploits1References7

BDU FSTEC•added 2025/01/09 12:0 a.m.•6 views

The vulnerability of the hnap_main() function in D-LINK DIR-806 wireless router software allows a hacker to execute arbitrary commands, gain unauthorized access to protected information, or cause service failures.

The vulnerability of the hnapmain function in D-LINK DIR-806 wireless routers is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely, gain unauthorized...

10CVSS8.3AI score0.19442EPSS

Exploits1References6

NVD•added 2025/01/07 6:15 p.m.•11 views

CVE-2024-54007

Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged...

7.2CVSS0.0155EPSS

Cvelist•added 2025/01/07 5:12 p.m.•14 views

CVE-2024-54006 Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge

7.2CVSS0.0155EPSS

Vulnrichment•added 2025/01/07 5:12 p.m.•4 views

CVE-2024-54006 Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge

7.2CVSS7.7AI score0.0155EPSS