CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2022/01/13 10:15 p.m.•14 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.781.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction...

8.3CVSS8.8AI score0.01374EPSS

Prion•added 2022/01/13 10:15 p.m.•16 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.781.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigg...

8.3CVSS8.9AI score0.0152EPSS

Zero Day Initiative•added 2021/12/21 12:0 a.m.•17 views

Microsoft Azure Defender for IoT update-handshake Endpoint SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update-handshake endpoint. The issue results from the lack of proper...

9.8CVSS8.8AI score0.0403EPSS

Exploits1References1

CNVD•added 2021/11/01 12:0 a.m.•12 views

NETGEAR R6260 mini_httpd SOAP buffer overflow vulnerability

NETGEAR R6260 is a router device. A security vulnerability exists in NETGEAR R6260 routers, which stems from the device's failure to properly validate the length of user-supplied data before copying it to a fixed-length buffer, which could be exploited by an attacker to execute code in the root...

8.8CVSS6.2AI score0.01374EPSS

Zero Day Initiative•added 2021/10/28 12:0 a.m.•48 views

NETGEAR R6260 setupwizard.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow...

8.8CVSS6.4AI score0.0152EPSS

NVD•added 2021/10/25 5:15 p.m.•12 views

CVE-2021-34862

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webpr...

8.8CVSS0.00794EPSS

Prion•added 2021/10/25 5:15 p.m.•12 views

Stack overflow

5.8CVSS8.8AI score0.00794EPSS

Prion•added 2021/10/25 5:15 p.m.•15 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by defaul...

5.8CVSS8.8AI score0.00794EPSS

Cvelist•added 2021/10/25 5:10 p.m.•19 views

CVE-2021-34863

8.8CVSS9AI score0.01432EPSS

Cvelist•added 2021/10/25 5:10 p.m.•16 views

CVE-2021-34862

8.8CVSS9AI score0.00794EPSS

Zero Day Initiative•added 2021/08/18 12:0 a.m.•37 views

D-Link DAP-2020 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The iss...

8.8CVSS5.1AI score0.00794EPSS

CNVD•added 2021/06/17 12:0 a.m.•28 views

Arlo Q Plus Trust Management Issue Vulnerability

Arlo Q Plus is a smart security camera from Arlo U.S.A. The Arlo Q Plus is vulnerable to a trust management issue that could be exploited by an attacker to escalate privileges and execute arbitrary code in the root context...

7.2CVSS4AI score0.00551EPSS

CNNVD•added 2021/06/14 12:0 a.m.•3 views

Arlo Q Plus 信任管理问题漏洞

7.2CVSS6.1AI score0.00551EPSS

Exploits0References5

NVD•added 2021/04/14 4:15 p.m.•16 views

CVE-2021-27249

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue result...

8.8CVSS0.05089EPSS

Prion•added 2021/04/14 4:15 p.m.•17 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendorspecific DHCP opcode. The...

8.3CVSS8.8AI score0.01118EPSS

Exploits0References2Affected Software43

Prion•added 2021/04/14 4:15 p.m.•15 views

Stack overflow

8.3CVSS8.8AI score0.026EPSS

Prion•added 2021/04/14 4:15 p.m.•17 views

Design/Logic Flaw

8.3CVSS8.8AI score0.05089EPSS