Lucene search
+L

64 matches found

vulnrichment
vulnrichment
added 2025/09/28 5:2 a.m.4 views

CVE-2025-11097 D-Link DIR-823X set_device_name command injection

A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/setdevicename. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be...

6.5CVSS6.7AI score0.04125EPSS
Exploits1References5
osv
osv
added 2025/09/15 3:15 p.m.6 views

UBUNTU-CVE-2023-53241

In the Linux kernel, the following vulnerability has been resolved: nfsd: call oprelease, even when opfunc returns an error For ops with "trivial" replies, nfsd4encodeoperation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is callin...

5.5CVSS5.7AI score0.00146EPSS
Exploits0References8
redhatcve
redhatcve
added 2025/08/13 1:31 a.m.5 views

CVE-2025-8823

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be...

8.8CVSS7.6AI score0.08257EPSS
Exploits1References1
cvelist
cvelist
added 2025/08/11 1:5 a.m.16 views

CVE-2025-8823 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be...

6.5CVSS0.08257EPSS
Exploits1References6
cve
cve
added 2025/08/11 1:5 a.m.25 views

CVE-2025-8823

CVE-2025-8823 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 up to 20250801. The issue is in the function setDeviceName of /goform/setDeviceName, where manipulating the DeviceName argument leads to OS command injection. The vulnerability can be exploited remotely, and public proof-of-e...

8.8CVSS7.5AI score0.08257EPSS
Exploits1References6Affected Software1
ptsecurity
ptsecurity
added 2025/08/01 12:0 a.m.7 views

PT-2025-32501 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote operating system command injection. The vulnerability is located in the...

6.5CVSS6.7AI score0.08257EPSS
Exploits1References13
bdu_fstec
bdu_fstec
added 2025/07/02 12:0 a.m.8 views

The vulnerability of the set_device_language() function in the portal.cgi script of Linksys E8450 Wi-Fi router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the setdevicelanguage function in the portal.cgi script of Linksys E8450 Wi-Fi routers is related to the issue where the operation results outside the buffer in memory when processing the dutlanguage parameter. Exploiting this vulnerability allows an attacker to compromise th...

9CVSS7.8AI score0.0064EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2025/06/27 12:0 a.m.7 views

Linksys E8450 安全漏洞

The Linksys E8450 is an E-Series wireless router from Linksys, Inc. A security vulnerability exists in Linksys E8450 1.2.00.360516 and earlier versions, which stems from improper manipulation of the dutlanguage parameter by the setdevicelanguage function in the portal.cgi file, which may result i...

9CVSS8.9AI score0.0064EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/05/23 3:17 a.m.6 views

CVE-2023-23302

The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the executi...

9.8CVSS7.2AI score0.01274EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/05/02 12:0 a.m.4 views

TOTOLINK A950RG 安全漏洞

The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A950RG suffers from a command execution vulnerability that stems from improper handling of the deviceMac parameter in the setDeviceName interface in the /lib/cstemodules/global.so...

9.8CVSS7.6AI score0.00725EPSS
Exploits1References2
bdu_fstec
bdu_fstec
added 2025/01/31 12:0 a.m.7 views

The vulnerability of the set_device_flags() function in the net/bluetooth/mgmt.c module of Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the setdeviceflags function in the net/bluetooth/mgmt.c module of Linux kernel relates to the unlocking of a mutex that has not been unlocked before. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.5CVSS5.5AI score
Exploits0References1Affected Software1
osv
osv
added 2024/07/12 11:8 a.m.4 views

OESA-2024-1818 xorg-x11-server-xwayland security update

Xwayland is an X server for running X clients under Wayland. %package devel Summary: Development package Requires: pkgconfig %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland. %prep %autosetup -n...

7.8CVSS7.7AI score0.00573EPSS
Exploits0References2
attackerkb
attackerkb
added 2024/05/03 2:15 a.m.4 views

CVE-2023-37312

D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS7.9AI score0.00637EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2023/12/11 12:0 a.m.7 views

The vulnerability of the setDeviceInfo() function in Tenda AX9 Wi-Fi routers allows a hacker to execute arbitrary commands.

The vulnerability of the setDeviceInfo function in Tenda AX9 Wi-Fi routers’ microprogramming software is related to the lack of measures taken to protect the SQL query structure when processing the mac parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS8.3AI score0.02411EPSS
Exploits1References3Affected Software1
osv
osv
added 2023/12/07 6:15 p.m.2 views

CVE-2023-49408

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function setdevicename...

9.8CVSS5.9AI score0.00925EPSS
Exploits1References1
attackerkb
attackerkb
added 2023/12/07 6:15 p.m.4 views

CVE-2023-49408

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function setdevicename...

9.8CVSS5.8AI score0.00925EPSS
Exploits1References2
osv
osv
added 2023/12/07 4:15 p.m.3 views

CVE-2023-49429

Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules...

9.8CVSS5.9AI score0.02411EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2023/12/07 12:0 a.m.6 views

PT-2023-31210 · Tenda · Tenda Ax3

Name of the Vulnerable Software and Affected Versions: Tenda AX3 version 16.03.12.11 Description: A stack overflow issue was discovered via the function set device name. Recommendations: For Tenda AX3 version 16.03.12.11, consider disabling the set device name function until a patch is available...

9.8CVSS9.6AI score0.00925EPSS
Exploits1References4
osv
osv
added 2023/11/29 1:15 a.m.4 views

CVE-2023-24294

Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification...

7.5CVSS6.1AI score0.00835EPSS
Exploits0References2
osv
osv
added 2023/11/27 5:15 p.m.5 views

CVE-2023-49047

Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName...

7.5CVSS5.8AI score0.0077EPSS
Exploits1References1
Rows per page
Query Builder