Lucene search
K

176 matches found

NVD
NVD
added 2021/07/15 6:15 p.m.20 views

CVE-2021-34827

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

8.8CVSS0.02333EPSS
Exploits0References1
NVD
NVD
added 2021/07/15 6:15 p.m.26 views

CVE-2021-34828

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

8.8CVSS0.02333EPSS
Exploits0References1
Prion
Prion
added 2021/07/15 6:15 p.m.18 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

8.3CVSS8.8AI score0.02333EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/15 6:15 p.m.22 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

8.3CVSS8.8AI score0.02333EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/15 5:35 p.m.20 views

CVE-2021-34828

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

8.8CVSS8.9AI score0.02333EPSS
Exploits0References1
CVE
CVE
added 2021/07/15 5:35 p.m.66 views

CVE-2021-34828

CVE-2021-34828 affects D-Link DAP-1330 (firmware 1.13B01 BETA). The flaw is in handling of the SOAPAction HTTP header, caused by insufficient validation of the length of user-supplied data copied into a fixed-length buffer. This enables network-adjacent attackers with no authentication to execute...

8.8CVSS8.8AI score0.02333EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/07/15 5:35 p.m.69 views

CVE-2021-34827

CVE-2021-34827 affects D-Link DAP-1330 1.13B01 BETA routers. The issue is a stack-based buffer overflow in the handling of the SOAPAction HTTP header caused by improper validation of the length of user-supplied data, enabling network-adjacent attackers to execute arbitrary code in the device cont...

8.8CVSS8.8AI score0.02333EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/15 5:35 p.m.29 views

CVE-2021-34827

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

8.8CVSS8.9AI score0.02333EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2021/06/10 12:0 a.m.43 views

(0Day) D-Link DAP-1330 HNAP checkValidRequest Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the...

8.8CVSS2.8AI score0.02333EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2021/06/10 12:0 a.m.53 views

(0Day) D-Link DAP-1330 lighttpd get_soap_action Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the...

8.8CVSS2.9AI score
Exploits0
OSV
OSV
added 2020/07/23 9:15 p.m.6 views

CVE-2020-15631

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8CVSS7.5AI score0.02942EPSS
Exploits0References2
NVD
NVD
added 2020/07/23 9:15 p.m.22 views

CVE-2020-15631

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8CVSS8.1AI score0.02942EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/07/23 8:45 p.m.27 views

CVE-2020-15631

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8CVSS8.1AI score0.02942EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2020/06/15 12:0 a.m.77 views

(0Day) (Pwn2Own) NETGEAR R6700 UPnP SOAPAction Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message...

6.5CVSS4.1AI score
Exploits0
OSV
OSV
added 2020/01/07 11:15 p.m.3 views

CVE-2019-17146

This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the...

9.8CVSS7.7AI score0.09532EPSS
Exploits0References2
Prion
Prion
added 2020/01/07 11:15 p.m.22 views

Stack overflow

This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the...

10CVSS9.7AI score0.09532EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2020/01/07 11:5 p.m.99 views

CVE-2019-17146

The CVE covers a vulnerability in D-Link DCS-960L (v1.07.102) where the HNAP service on port 80 improperly validates the length of user-supplied data in SOAPAction headers, leading to a stack-based overflow and remote code execution as the admin user. Multiple sources (ZDI advisory ZDI-19-1031, N...

10CVSS9.7AI score0.09532EPSS
Exploits0References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2019/12/23 12:0 a.m.36 views

D-Link DCS-960L HNAP SOAPAction Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction...

8.8CVSS5.2AI score0.09532EPSS
Exploits0References1
Talos
Talos
added 2019/09/09 12:0 a.m.67 views

NETGEAR N300 WNR2000v5 unauthenticated host access point daemon denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon hostapd on the NETGEAR N300 WNR2000v5 wireless router. A SOAP request sent in an invalid sequence to the service can cause a null pointer dereference, resulting in the hostapd service crashing. An...

7.5CVSS7.5AI score0.02014EPSS
Exploits1
Exploit DB
Exploit DB
added 2019/05/21 12:0 a.m.152 views

Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection

Exploit Title: Oracle CTI Web Service XML Entity Exp. Exploit Author: omurugur Author Web: https://www.justsecnow.com Author Social: @omurugurrr URL : http://server/EBSASSETHISTORYOPERATIONS As can be seen in the following request / response example, the xml entity expansion attack can be...

7.4AI score
Exploits0
Rows per page
Query Builder