27 matches found
EUVD-2021-12223
Malware in sbrugna...
CVE-2021-25328
Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service DoS or possible code execution on the device...
Shenzhen Skyworth RN510 Information Disclosure
Overview ======== Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh Extender. CVE-ID :- CVE-2021-25326 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested...
Shenzhen Skyworth RN510 Buffer Overflow
itle :- Authenticated Stack Overflow in RN510 mesh Device CVE-ID:- CVE-2021-25328 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN620 with...
Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting
Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN62...
Shenzhen Skyworth RN510 Buffer Overflow Vulnerability
Title :- Authenticated Stack Overflow in RN510 mesh Device CVE-ID:- CVE-2021-25328 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN620 with...
Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN62...
Shenzhen Skyworth RN510 Information Disclosure Vulnerability
Overview ======== Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh Extender. CVE-ID :- CVE-2021-25326 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested...
Skyworth Digital Technology RN510 Buffer Overflow Vulnerability
The RN510 is a dual-band wireless AC2100 access point from Skyworth Digital Technology. A buffer overflow vulnerability exists in /cgi-bin/app-staticIP.asp in the Skyworth Digital Technology RN510 version V.3.1.0.4. An attacker could exploit this vulnerability by sending a specially crafted reque...
Skyworth Digital Technology RN510 Cross-Site Request Forgery Vulnerability
The RN510 is a dual-band wireless AC2100 access point from Skyworth Digital Technology. A cross-site request forgery vulnerability exists in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp in the Skyworth Digital Technology RN510 version V.3.1.0.4. No detailed vulnerability details are...
Skyworth Digital Technology RN510 Access Control Error Vulnerability
The RN510 is a dual-band wireless AC2100 access point from Skyworth Digital Technology. An access control error vulnerability exists in /cgi-bin/testversion.asp in the Skyworth Digital Technology RN510 version V.3.1.0.4. An attacker can exploit the vulnerability to obtain the SSID password and We...
CVE-2021-25327
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery CSRF vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting XSS...
CVE-2021-25327
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery CSRF vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting XSS...
CVE-2021-25326
Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/testversion.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed...
CVE-2021-25326
Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/testversion.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed...
CVE-2021-25328
Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service DoS or possible code execution on the device...
Cross site request forgery (csrf)
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery CSRF vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting XSS...
Buffer overflow
Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service DoS or possible code execution on the device...
CVE-2021-25328
Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service DoS or possible code execution on the device...
CVE-2021-25328
The CVE-2021-25328 vulnerability affects Skyworth Digital Technology RN510 firmware v3.1.0.4. It is a buffer overflow in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to that endpoint, potentially causing a denial of service or executing code on the dev...