43 matches found
CVE-2026-15427
An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069...
CVE-2026-15428 OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...
CVE-2025-67113
OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...
EUVD-2020-26920
Malware in sbrugna...
EUVD-2020-26921
Malware in sbrugna...
CVE-2020-5762
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of t...
CVE-2020-5761
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service...
CVE-2020-27692
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...
Cross site request forgery (csrf)
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...
CVE-2020-27692
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...
4 Unpatched Bugs Plague Grandstream ATAs for VoIP Users
UPDATE Multiple high-severity vulnerabilities in the Grandstream HT800 series of Analog Telephone Adaptors ATAs threaten home office and midrange users alike, with outages, eavesdropping and device takeover. The HT800 series of ATAs is designed for everyone from home or small-office users to...
CVE-2020-5761
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service...
CVE-2020-5762
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of t...
Null pointer dereference
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of t...
Code injection
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service...
CVE-2020-5762
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of t...
CVE-2020-5762
CVE-2020-5762 affects Grandstream HT800 series firmware
CVE-2020-5761
The CVE-2020-5761 issue affects Grandstream HT800 series firmware 1.0.17.5 and earlier. A bug in the TR-069 service can enter an infinite loop, causing CPU exhaustion when an unauthenticated remote attacker sends a single-character TCP message to TR-069. Public descriptions confirm the impact is ...
CVE-2020-5761
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service...
Vigor ACS Unsafe Flex AMF Java Object Deserialization(CVE-2017-5641)
Vulnerability Summary A vulnerability in Vigor ACS allows unauthenticated users to cause the product to execute arbitrary code. VigorACS 2 “is a powerful centralized management software for Vigor Routers and VigorAPs, it is an integrated solution for configuring, monitoring, and maintenance of...