122 matches found
CVE-2023-50677
An issue in NETGEAR-DGND4000 v.1.1.00.151.00.15 allows a remote attacker to escalate privileges via the nextfile parameter to the /setup.cgi component...
NETGEAR DGND4000 Security Vulnerability
The NETGEAR DGND4000 is a wireless router with modem capabilities. An elevation of privilege vulnerability exists in the NETGEAR DGND4000 that originates from the /setup.cgi component, where privileges can be elevated via the nextfile parameter. No details of the vulnerability are provided at this time...
CVE-2023-50677
NETGEAR DGND4000 router (firmware v1.1.00.15_1.00.15) is affected by CVE-2023-50677. The issue allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component, reported due to inadequate access control. Exploitation details, impact scope, and patch informat...
PT-2024-2649 · NetGear · Netgear Dgnd4000
Name of the Vulnerable Software and Affected Versions: NETGEAR-DGND4000 version 1.1.00.15 1.00.15 Description: The issue allows a remote attacker to escalate privileges via the next file parameter to the "/setup.cgi" component. This is related to inadequate access control in the NETGEAR DGND4000...
CVE-2023-38924
Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the httppassword parameter at setup.cgi...
CVE-2023-38924
Netgear DGN3500 (firmware 1.1.00.37) is affected by a buffer overflow in the setup.cgi http_password parameter. Multiple sources concur that improper validation of the input length can allow a remote attacker to leverage the overflow, potentially enabling arbitrary code execution or denial of ser...
CVE-2021-44080
A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged-in administrators to execute arbitrary OS commands as root on the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...
SerComm h500s OS Command Injection Vulnerability
The SerComm h500s is a router device from SerComm China. A security vulnerability exists in the SerComm h500s lowi-h500s-v3.4.22 version, which stems from a command injection issue in the httpd web server setup.cgi. The vulnerability can be exploited to execute arbitrary operating system commands...
CVE-2021-41427
Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choosemac parameter to setup.cgi...
CVE-2021-41427
Beeline Smart Box 2.0.38 is vulnerable to a Cross Site Scripting (XSS) flaw in the setup.cgi endpoint, exploitable via the choose_mac parameter. The issue is documented under CVE-2021-41427. Affected component: the web interface handling setup.cgi; vulnerability type: XSS. Impact details in the p...
Beeline Smart Box Cross-Site Scripting Vulnerability
Beeline Smart Box is a wireless router from the Russian company Beeline. A security vulnerability exists in Beeline Smart Box 2.0.38, which stems from the choosemac parameter of setup.cgi and is susceptible to cross-site scripting (XSS) attacks...
CVE-2021-41383
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...
Netgear NETGEAR R6020 Command Injection Vulnerability
The NETGEAR R6020 is a router from Netgear, Inc. NETGEAR R6020 is vulnerable to a command injection vulnerability in version 1.0.0.48, which stems from a lack of validation and filtering in the ntpserver field of setup.cgi. An attacker with administrator status can use this vulnerability to injec...