CVE-2021-20137

A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/siteaccess/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution...

D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting

D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 Date: April 6, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: https://www.dlink.com Version: D-Link DI-5...

Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released

A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control over the affected routers, exposing every other device connected to it. Currently used by millions of...

Authentication flaw

A vulnerability is in the 'BSWcxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.507.0.50, and DGND3700, version DGND3700-V1.0.0.171.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text...