CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 6 hours ago•7 views

TOTOLINK/Realtek Routers - Information Disclosure

A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...

7.5CVSS7.3AI score0.08669EPSS

Exploits3References2

Nuclei•added 6 hours ago•38 views

WAVLINK WN535 G3 - Information Disclosure

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the livemfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. id:...

7.5CVSS6.7AI score0.06979EPSS

Exploits2References5

CNNVD•added 2026/05/27 12:0 a.m.•5 views

Netis AC1200 安全漏洞

The Netis AC1200 is a series of dual-band wireless broadband routers produced by the Chinese company Netis. The Netis AC1200 V4.0.1.4296 version contains a security vulnerability. This vulnerability stems from the CGI endpoint/cgi-bin/skkget.cgi function, which can return the entire router...

7.3CVSS5.8AI score0.00358EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43706

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

5.8AI score0.00358EPSS

Positive Technologies•added 2026/05/26 12:0 a.m.•8 views

PT-2026-43354

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.3.0 Description A configuration injection issue exists in the Juniper router integration plugin. In the file src/juniper plugin/fastnetmon juniper.php, the variable IP ATTACK received from argv1...

8.1CVSS6AI score0.00234EPSS

Exploits0References17

RedhatCVE•added 2026/03/10 2:12 a.m.•2 views

CVE-2026-30140

An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...

7.5CVSS6AI score0.00327EPSS

EUVD•added 2026/03/09 9:31 p.m.•1 views

EUVD-2026-10347

6AI score0.00327EPSS

NVD•added 2026/03/09 7:16 p.m.•1 views

CVE-2026-30140

7.5CVSS0.00327EPSS

EUVD•added 2026/03/09 6:31 p.m.•4 views

EUVD-2026-10345

Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. An attacker able to reach the router port can proxy requests through the Shannon instanc...

7.3CVSS5.7AI score0.00243EPSS

EUVD•added 2026/03/09 6:31 p.m.•2 views

EUVD-2026-10344

7.3CVSS5.7AI score0.00243EPSS

NVD•added 2026/03/09 6:16 p.m.•4 views

CVE-2026-29023

7.3CVSS0.00243EPSS

Exploits0References4

Cvelist•added 2026/03/09 5:46 p.m.•29 views

CVE-2026-29023 Keygraph Shannon Hard-coded Router API Key

7.3CVSS0.00243EPSS

Exploits0References4

Vulnrichment•added 2026/03/09 12:0 a.m.•3 views

CVE-2026-30140

6AI score0.00327EPSS

Cvelist•added 2026/03/09 12:0 a.m.•22 views

CVE-2026-30140

0.00327EPSS

Positive Technologies•added 2026/03/09 12:0 a.m.•2 views

PT-2026-24098

An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26 cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...

6AI score0.00327EPSS

CVE•added 2026/03/09 12:0 a.m.•7 views

CVE-2026-30140

The CVE-2026-30140 entry describes an authentication-and-access-control flaw in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the device configuration, exposing plaintext administrator credentials and enabling potent...

7.5CVSS6AI score0.00327EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/02/11 12:0 a.m.•4 views

ZBT WE2001 安全漏洞

ZBT WE2001 is a wireless router produced by ZBT Corporation. The version dated 23.09.27 of ZBT WE2001 contains a security vulnerability. This vulnerability stems from the lack of an authentication mechanism in the Web management API component, which may allow unauthenticated attackers on the loca...

8.1CVSS5.8AI score0.00263EPSS

CVE•added 2026/02/11 12:0 a.m.•9 views

CVE-2025-65128

CVE-2025-65128 affects Shenzhen Zhibotong Electronics ZBT WE2001 (firmware version 23.09.27). The web management API lacks authentication, allowing unauthenticated local-network attackers to modify router/network configurations. Attack vectors involve invoking operations ending with “_nocommit” a...

8.1CVSS5.6AI score0.00263EPSS

Positive Technologies•added 2026/02/11 12:0 a.m.•5 views

PT-2026-7623

Name of the Vulnerable Software and Affected Versions Shenzhen Zhibotong Electronics ZBT WE2001 version 23.09.27 Description A flaw exists in the web management API components that allows unauthenticated attackers on the local network to modify router and network configurations. Attackers can...

5.4AI score0.00263EPSS