Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/08 8:58 a.m.12 views

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS6.8AI score0.01681EPSS
Exploits1References1
CVE
CVE
added 2026/06/07 3:15 a.m.31 views

CVE-2026-11452

GL.iNet GL-MT3000 (firmware ≤ 4.4.5) exposes a remote command-injection in the SET_USER_PWD Handler (function FUN_0042e200) via the /cgi-bin/glc interface. The vulnerability stems from manipulating the Password parameter, enabling remote execution of commands. Upgrading to firmware 4.8.1 is recom...

7.5CVSS6.8AI score0.01681EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/07 3:15 a.m.11 views

CVE-2026-11452 GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS6.8AI score0.01681EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/07 3:15 a.m.10 views

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS5.2AI score0.01681EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/06/07 3:15 a.m.33 views

CVE-2026-11452 GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS0.01681EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/02 3:30 p.m.5 views

EUVD-2025-200230

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

8.5CVSS7.2AI score0.00344EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/02 1:1 p.m.3 views

CVE-2025-11786 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

8.5CVSS7.3AI score0.00344EPSS
Exploits0References1
OSV
OSV
added 2025/02/28 12:16 a.m.8 views

OSV-2025-178 Heap-buffer-overflow in usm_set_user_password

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=399458050 Crash type: Heap-buffer-overflow WRITE 9 Crash state: usmsetuserpassword usmsetpassword runconfighandler...

7.2AI score
Exploits0References1
Rows per page
Query Builder