CVE-2023-41198 D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41198

CVE-2023-41198 impacts the D-Link DAP-1325 router. The flaw is in the HNAP1 endpoint under the function SetHostIPv6StaticSettings, specifically the StaticDNS1 parameter. Lack of validation of a user-supplied string leads to command injection and remote code execution with root privileges. Attack ...

CVE-2023-41198 D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41197

CVE-2023-41197 describes a command injection/remote code execution in the D-Link DAP-1325 router through the HNAP1 endpoint, specifically SetHostIPv6StaticSettings StaticDefaultGateway. The flaw arises from inadequate validation of a user-supplied string used to construct a system call, allowing ...

CVE-2023-41196 D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticAddress Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41193 D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41193

D-Link DAP-1325 is affected by CVE-2023-41193 via the HNAP SetAPLanSettings (secondaryDNS) command injection, enabling remote code execution. The root cause is improper validation of a user-supplied string used to execute a system call in the HNAP1 SOAP endpoint, allowing network-adjacent attacke...

CVE-2023-41192 D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability...

CVE-2023-41192

CVE-2023-41192 affects D-Link DAP-1325 (HNAP1 SOAP endpoint) with a SetAPLanSettings/PrimaryDNS input handling flaw that allows remote code execution as root. The issue stems from insufficient validation of a user-supplied string used in a system call, enabling network-adjacent attackers to execu...

CVE-2023-41188 D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability...

CVE-2023-41188

CVE-2023-41188 affects D-Link DAP-1325 routers. The root cause is improper validation of a user-supplied string in the HNAP1 SOAP endpoint’s SetAPLanSettings DeviceName parameter, leading to remote code execution with root privileges. Exploitation requires network adjacency and no authentication....

CVE-2023-41187

CVE-2023-41187 affects D-Link DAP-1325 via HNAP: missing authentication allows network-adjacent attackers to execute arbitrary code with root privileges. The vulnerability stems from unauthenticated access to the HNAP interface. Documented by NVD and ZDI, with no confirmed exploit status or publi...

CVE-2023-41184 TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability

TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authentication is required to exploit this vulnerabilit...

CVE-2023-39481 Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, th...

CVE-2023-39481

CVE-2023-39481 affects Softing Secure Integration Server. The root cause is an inconsistency in URI parsing between NGINX and the application web server, enabling an attacker to execute arbitrary code in the root context. The vulnerability is described as remote code execution and is noted to all...

CVE-2023-39481 Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, th...

CVE-2023-39471

The CVE-2023-39471 issue affects TP-Link TL-WR841N routers, specifically the ated_tp service. The vulnerability stems from improper validation of a user-supplied string used in a system call, enabling remote code execution. Exploitation is possible by network-adjacent attackers without authentica...

CVE-2023-39461 Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

CVE-2023-39462

CVE-2023-39462 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability stems from improper validation in the processing of workspace files, allowing remote attackers to upload arbitrary files. Although authentication is required to exploit, the existing authentication mechanism can be b...

CVE-2023-39460

CVE-2023-39460 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability lies in event log creation, where a user-supplied path is not properly validated before file operations, enabling directory traversal and arbitrary file creation. The root cause is inadequate validation of the path, ...