Lucene search
+L

43 matches found

nvd
nvd
added 2 days ago4 views

CVE-2026-15427

An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069...

8.6CVSS0.005EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago22 views

CVE-2026-15428 OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...

8.5CVSS0.00885EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/19 12:0 a.m.3 views

CVE-2025-67113

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

6.2AI score0.01222EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-26920

Malware in sbrugna...

7.8CVSS7.5AI score0.04093EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-26921

Malware in sbrugna...

7.5CVSS7.5AI score0.03361EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/05/22 5:41 p.m.16 views

CVE-2020-5762

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of t...

7.5CVSS7.2AI score0.03361EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 3:40 p.m.21 views

CVE-2020-5761

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service...

7.8CVSS7.1AI score0.04093EPSS
Exploits1References1
nvd
nvd
added 2020/11/04 9:15 p.m.18 views

CVE-2020-27692

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...

8.8CVSS8.9AI score0.00542EPSS
Exploits1References2
prion
prion
added 2020/11/04 9:15 p.m.13 views

Cross site request forgery (csrf)

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...

6.8CVSS8.8AI score0.00542EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2020/11/04 8:14 p.m.21 views

CVE-2020-27692

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...

9AI score0.00542EPSS
Exploits1References2
threatpost
threatpost
added 2020/07/31 9:5 p.m.73 views

4 Unpatched Bugs Plague Grandstream ATAs for VoIP Users

UPDATE Multiple high-severity vulnerabilities in the Grandstream HT800 series of Analog Telephone Adaptors ATAs threaten home office and midrange users alike, with outages, eavesdropping and device takeover. The HT800 series of ATAs is designed for everyone from home or small-office users to...

9.3CVSS8.9AI score0.0547EPSS
Exploits4References12
nvd
nvd
added 2020/07/29 7:15 p.m.27 views

CVE-2020-5761

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service...

7.8CVSS7.5AI score0.04093EPSS
Exploits1References2
nvd
nvd
added 2020/07/29 7:15 p.m.28 views

CVE-2020-5762

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of t...

7.5CVSS7.5AI score0.03361EPSS
Exploits1References2
prion
prion
added 2020/07/29 7:15 p.m.16 views

Null pointer dereference

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of t...

5CVSS7.5AI score0.03361EPSS
Exploits1References2Affected Software6
prion
prion
added 2020/07/29 7:15 p.m.14 views

Code injection

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service...

7.8CVSS7.5AI score0.04093EPSS
Exploits1References2Affected Software6
cvelist
cvelist
added 2020/07/29 6:51 p.m.28 views

CVE-2020-5762

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of t...

7.5AI score0.03361EPSS
Exploits1References2
cve
cve
added 2020/07/29 6:51 p.m.60 views

CVE-2020-5762

CVE-2020-5762 affects Grandstream HT800 series firmware

7.5CVSS7.5AI score0.03361EPSS
Exploits1References2Affected Software1
cve
cve
added 2020/07/29 6:51 p.m.66 views

CVE-2020-5761

The CVE-2020-5761 issue affects Grandstream HT800 series firmware 1.0.17.5 and earlier. A bug in the TR-069 service can enter an infinite loop, causing CPU exhaustion when an unauthenticated remote attacker sends a single-character TCP message to TR-069. Public descriptions confirm the impact is ...

7.8CVSS7.5AI score0.04093EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2020/07/29 6:51 p.m.32 views

CVE-2020-5761

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service...

7.5AI score0.04093EPSS
Exploits1References2
seebug
seebug
added 2018/04/25 12:0 a.m.213 views

Vigor ACS Unsafe Flex AMF Java Object Deserialization(CVE-2017-5641)

Vulnerability Summary A vulnerability in Vigor ACS allows unauthenticated users to cause the product to execute arbitrary code. VigorACS 2 “is a powerful centralized management software for Vigor Routers and VigorAPs, it is an integrated solution for configuring, monitoring, and maintenance of...

7.5CVSS10AI score0.21274EPSS
Exploits4
Rows per page
Query Builder