7876 matches found
CVE-2021-44736
Lexmark devices are affected by CVE-2021-44736: the initial admin account setup wizard permits unauthenticated access to the out of service erase feature, enabling unauthenticated control over a device function. The issue is documented in multiple sources (ZDI advisory ZDI-22-331; Tenable OT plug...
Lexmark Authorization Issue Vulnerability
Lexmark is a line of printers from the United States. An authorization issue vulnerability exists in Lexmark devices, which arises from the product's initial administrative account setup wizard allowing unauthenticated users to access the out-of-service erase function...
Xxe
In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get...
CVE-2021-35969
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation...
CVE-2021-42555
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation...
CVE-2021-34980
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.781.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAPLOGINTOKEN...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
DEBIAN-CVE-2022-23134
After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
CVE-2022-23134
After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
Design/Logic Flaw
After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists
After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
Zabbix Authorization Issue Vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix suffers from an authorization issue vulnerability that stems from the fact that after the initial setup process, certain steps in...
Multiple XSS and HTML injection attacks in setup script
PMASA-2022-2. Announcement-ID: PMASA-2022-2. Date: 2022-01-10. Summary: Multiple XSS and HTML injection attacks in setup script. Description: A series of weaknesses has been discovered that could allow an attacker to inject malicious code into aspects of the setup script, which can allow XSS or HTML...
Trendnet AC2600 TEW-827DRU Licensing Issue Vulnerability
Trendnet AC2600 TEW-827DRU is a wireless router. Trendnet AC2600 TEW-827DRU version 2.08B01 has a security vulnerability that can be exploited by an attacker to manually navigate through the setup wizard and force it to redirect to the desired page, which can bypass authentication and allow users...
CVE-2021-20150
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page...