42 matches found
Edimax BR-6228NC 注入漏洞
The Edimax BR-6228NC is a wireless broadband router produced by Edimax Corporation. Version 1.22 of the Edimax BR-6228NC has a vulnerability known as “injection flaw.” This flaw arises from the function mp in the POST Request Handler component, which processes the command parameter. The improper...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthorized actions by tricking a user into submitting a crafted...
Exposure of Sensitive Information Due to Incompatible Policies
Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Due to Incompatible Policies due to insufficient access validation to private user projects. An attacker can gain unauthorized access to sensitive project information by directly accessing private proje...
Linksys E5600 安全漏洞
Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys, Inc. A security vulnerability exists in Linksys E5600 version V1.1.0.26, which stems from a command injection in the ddnsStatus function...
text-generation-inference: Unbounded external image fetch in validation leads to resource-exhaustion DoS
Description Text Generation Inference Router DoS via pre-validation image fetch in VLM mode. Affected: Router workspace version 3.3.6 the latest repo, when deployed with a vision/VLM model e.g., Idefics/Mllama/Idefics2/Idefics3/Gemma3/Llama4/Paligemma/LlavaNext/Qwen2VL/Qwen25VL. Pure text LLMs do...
Mercusys MW301R 安全漏洞
Mercusys MW301R is a router from Mercusys, China. A security vulnerability exists in Mercusys MW301R version 1.0.2 Build 190726 Rel.59423n, which stems from an improperly restricted authentication attempt in the Login component...
CVE-2024-29671
Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component...
TOTOLINK A720R、TOTOLINK A3002R和TOTOLINK A3002RU 安全漏洞
TOTOLINK A3002RU and others are products of China Gion Electronics TOTOLINK.TOTOLINK A3002RU is a wireless router product.TOTOLINK A720R is a wireless router.TOTOLINK A3002R is a wireless router.TOTOLINK A3002R is a wireless router. A security vulnerability exists in the TOTOLINK A720R, TOTOLINK...
CVE-2024-57232
NETGEAR RAX5 AX1600 WiFi Router V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcliwpsgenpincode function...
PT-2025-17867
Name of the Vulnerable Software and Affected Versions React Router versions 7.2.0 through 7.5.2 Description The issue allows an attacker to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an erro...
PT-2024-22222 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue concerns OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can...
PT-2024-22221 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue is related to OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker...
MC Technologies MC LR Router 操作系统命令注入漏洞
MC Technologies MC LR Router is a router from MC Technologies, Germany. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the I/O configuration function of the web interface, which could lead to...
PT-2024-19054 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: An OS command injection vulnerability exists in the web interface configuration upload functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an...
PT-2024-30095 · Wishnet · Wishnet Nepstech Wifi Router Ntpl-Xpon1Gfevn
Name of the Vulnerable Software and Affected Versions: wishnet Nepstech Wifi Router NTPL-XPON1GFEVN version 1.0 Description: An issue in the wishnet Nepstech Wifi Router allows a remote attacker to obtain sensitive information via the cookie's parameter. Recommendations: For wishnet Nepstech Wifi...
Exploit for Incorrect Authorization in Nexxtsolutions Nebula1200-Ac_Firmware
EN This project provides a proof-of-concept exploit for a remo...
PT-2024-19490 · Digisol · Digisol Router
Name of the Vulnerable Software and Affected Versions: Digisol Router DG-GR1321 version v3.2.02 Description: This issue is caused by the improper implementation of password policies. An attacker with physical access could exploit this by creating passwords that do not adhere to the defined securi...
Design/Logic Flaw
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...
GHSA-CGQF-3CQ5-WVCJ Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Route...
CVE-2023-51730
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...