21 matches found
Shibby Tomato 操作系统命令注入漏洞
Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28.0000 of Shibby Tomato contains a vulnerability related to operating system command injection. This vulnerability stems from the startvpnserver function in the /sbin/rc file within the Web UI...
EUVD-2020-29217
Malware in sbrugna...
EUVD-2023-27250
Malicious code in bioql PyPI...
EUVD-2022-48626
Malicious code in bioql PyPI...
CVE-2025-52379
Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/umfileNameset.cgi and /web/umwebupgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter, allowing authenticated...
The vulnerability of the fromRouteStatic function in the microprogramming software for wireless Wi-Fi routers Tenda W30E allows a attacker to trigger a service failure or execute arbitrary code.
The vulnerability of the fromRouteStatic function in the microprogramming software for Tenda W30E wireless routers involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code...
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
Several Netis Routers including rebranded routers from GLCtec and Stonet suffer from a command injection vulnerability at the change admin password page of the router web interface see CVE-2024-48456 for more details. The vulnerability stems from improper handling of the 'password' and 'new...
The vulnerability of Netgear WNR614 N300 Wi-Fi router’s microprogramming software, related to permission processing errors, allows a intruder to gain unauthorized access to protected information.
The vulnerability of Netgear WNR614 N300 Wi-Fi router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the cancelPing function in D-Link DIR-820L router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the cancelPing function in D-Link DIR-820L router microprogramming software arises due to overflow in the stack buffer. Exploiting this vulnerability can allow an attacker operating remotely to execute arbitrary code...
The vulnerability of D-Link DSL-3782 router’s microprogramming software allows a hacker to bypass the authentication process and gain access to confidential information.
The vulnerability of the D-Link DSL-3782 router’s microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and gain access to confidential information through a specially crafted...
The vulnerabilities of D-Link DIR-550A and DIR-604M router microprogramming software allow attackers to enhance their privileges.
The vulnerability of D-Link DIR-550A and DIR-604M router microprogramming software is related to insecure resource initialization. Exploiting this vulnerability can allow a malicious actor to gain increased privileges...
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microsoftware allows a attacker to execute arbitrary code.
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microprogramming software is related to the lack of measures to sanitize input data during the processing of the LocalIPAddress parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrar...
CVE-2023-23150
SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution...
Improper access control
COMFAST Shenzhen Sihai Zhonglian Network Technology Co., Ltd CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control...
The vulnerability of Trendnet TEW-831DR router microprogramming software, related to the use of a rigidly encrypted cryptographic key, allows a hacker to obtain the encryption key.
The vulnerability of Trendnet TEW-831DR router microprogramming software is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability can allow an attacker operating remotely to obtain the encryption key...
The vulnerability of the implementation of the genacgi_main() function in D-Link DIR-859 router microprogramming software allows a hacker to cause a service failure.
The vulnerability of the genacgimain function implementation in D-Link DIR-859 router microprogramming software is related to the output of operations that go beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure by executing the /gena.cgi...
The vulnerability of NETGEAR XR1000 Wi-Fi routers’ microprogramming software, related to the use of pre-installed credentials, allows a intruder to gain unauthorized access to protected information.
The vulnerability of NETGEAR XR1000 Wi-Fi routers’ microprogramming software relates to the use of pre-installed credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of NETGEAR D7000 Wi-Fi routers’ microprogramming software, related to deficiencies in authentication procedures, allows attackers to escalate their privileges.
The vulnerability of NETGEAR D7000 Wi-Fi routers’ microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker to enhance their privileges remotely...
The vulnerability of the SetWizardConfig function in D-Link DIR-846 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the SetWizardConfig function in D-Link DIR-846 router microprogramming software is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created request /HNAP1/...
The vulnerability of Cisco Small Business RV016, RV042, RV042G, and RV082 router microprogramming software lies in the presence of embedded authentication data (a static H.509 certificate), which allows attackers to escalate their privileges.
The vulnerability of Cisco Small Business RV016, RV042, RV042G, and RV082 router microprogramming software is related to the presence of embedded authentication data static certificate H.509. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...