7 matches found
CVE-2021-34870
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.521.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue resul...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.521.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue resul...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 80...
CVE-2020-27863
CVE-2020-27863 affects D-Link DVA-2800 and DSL-2888A routers. The flaw is in the dhttpd service (listening on TCP port 8008 by default) where incorrect string-matching logic when accessing protected pages allows network-adjacent attackers to disclose stored credentials without authentication. The...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl...
CVE-2020-15641
CVE-2020-15641 affects Marvell QConvergeConsole 5.5.0.64. The vulnerability is a directory traversal flaw in the getFileUploadBytes method of the FlashValidatorServiceImpl class, caused by insufficient validation of a user-supplied path before file operations. This allows remote attackers to disc...