EUVD-2024-52202

Malicious code in bioql PyPI...

CVE-2024-53940

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling...

CVE-2024-53942

An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device with root-level permissions via...

CVE-2024-53937

An issue was discovered on Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions...

CVE-2024-53939

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The /cgi-bin/luci/admin/opsw/Dualfrequnapple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on t...

CVE-2024-53937

An issue was discovered on Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions...

CVE-2024-53940

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling...

CVE-2024-53940

CVE-2024-53940 affects Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933; hardware 1.0). Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection; crafted payloads in parameters meant for the ping utility can lead to arbitrary command execution at root. Exploitation is ...

CVE-2024-53939

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The /cgi-bin/luci/admin/opsw/Dualfrequnapple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on t...

CVE-2024-53939

CVE-2024-53939 affects Victure RX1800 WiFi 6 Router (EN_V1.0.0_r12_110933, hardware 1.0). The endpoint /cgi-bin/luci/admin/opsw/Dual_freq_un_apple is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, enabling an attacker to execute arbitrary commands with root-level permi...

CVE-2024-53937

Affects Victure RX1800 WiFi 6 Router (EN_V1.0.0_r12_110933, hardware 1.0). TELNET is enabled by default with admin/admin credentials and exposed over the LAN, allowing attackers to execute arbitrary commands with root-level permissions. The TELNET password is dictated by the current GUI password,...

CVE-2024-45242

EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2c1.9.51 allow blind OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credential...

CVE-2024-45242

EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2c1.9.51 allow blind OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credential...

TP-Link Wi-Fi extender remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

WiFi extender can enlarge the WiFi signal, mainly used for large or multi-storey residential, and the router signal can not cover the family's case. The extender's principle is from the main router to get a WiFi signal, and broadcast channel other WiFi signal weak or no signal area. IBM X-Force...

Cradlepoint MBR 1200 / 1400 Local File Inclusion

Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoint routers. So far looks like it works on MBR1400 and MBR12...

Cradlepoint MBR1400 and MBR1200 - Local File Inclusion

Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoint routers. So far looks like it works on MBR1400 and MBR12...

Cradlepoint MBR1400 and MBR1200 Local File Inclusion Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoi...