25 matches found
CVE-2026-2068
The CVE-2026-2068 entry concerns UTT 进取 520W (version 1.7.7-180627). The vulnerability stems from the strcpy usage in /goform/formSyslogConf where manipulating the ServerIp argument can cause a buffer overflow. It is exploitable remotely, and public PoC/exploits are noted across sources. Multiple...
PT-2026-6800
Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A buffer overflow issue exists in the strcpy function within the /goform/formSyslogConf file. Manipulation of the ServerIp argument can trigger this issue, potentially allowing for remote attacks. T...
UTT 520W 安全漏洞
UTT 520W is a wireless router produced by China's UT Technology Co., Ltd. The UTT 520W version 1.7.7-180627 contains a security vulnerability. This vulnerability stems from incorrect handling of parameters in the file/goform/formSyslogConf, specifically the ServerIp parameter, which may lead to a...
EUVD-2020-7419
Malware in sbrugna...
EUVD-2023-28215
Malicious code in bioql PyPI...
EUVD-2023-28220
Malicious code in bioql PyPI...
TOTOLINK T6 安全漏洞
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from the failure of the parameter serverIp in the MQTT Service to correctly validate the length and size of the input...
TOTOLINK T8 meshSlaveUpdate Method Command Injection Vulnerability
TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. TOTOLINK T8 suffers from a command injection vulnerability that stems from the serverIp parameter of the meshSlaveUpdate method failing to properly filter construct command special...
TOTOLINK T8 meshSlaveDlfw Method Command Injection Vulnerability
TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. The TOTOLINK T8 suffers from a command injection vulnerability that stems from the serverIp parameter of the meshSlaveDlfw method failing to properly filter constructed command special...
CVE-2023-24157
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2023-24152
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2023-24152
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2023-24150
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2023-24150
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
Command injection
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
Command injection
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
Command injection
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
TOTOLINK T8 命令注入漏洞
TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. TOTOLINK T8 suffers from a command injection vulnerability that stems from the serverIp parameter of the meshSlaveUpdate method failing to properly filter construct command special...
TOTOLINK T8 命令注入漏洞
TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. TOTOLINK T8 suffers from a command injection vulnerability that stems from the serverIp parameter of the updateWifiInfo method failing to correctly filter constructed command special...
CVE-2023-24152
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...