Lucene search
K

28 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6002

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.39247EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24632

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.05765EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/15 12:30 a.m.13 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

9.8CVSS7.3AI score0.00338EPSS
Exploits0References1
NVD
NVD
added 2025/08/13 8:15 p.m.6 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

9.8CVSS0.00338EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/13 12:0 a.m.3 views

CVE-2025-43989

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...

8AI score0.05765EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.3 views

Tuoshi NR500-EA 安全漏洞

Tuoshi NR500-EA is a wireless router from Tuoshi China. A security vulnerability exists in Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43, which stems from the default enablement of SSH service and the presence of a hard-coded root account...

9.8CVSS6.8AI score0.00338EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.2 views

Tuoshi NR500-EA 安全漏洞

Tuoshi NR500-EA is a wireless router from Tuoshi China. A security vulnerability exists in the Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43, which stems from the incorrect operation of the parameter ntpserver0 in the settimesetting operation could lead to the execution of arbitrary commands...

6.5CVSS7AI score0.05765EPSS
Exploits0References5
CVE
CVE
added 2025/08/13 12:0 a.m.54 views

CVE-2025-43989

CVE-2025-43989 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC firmware 3.4.2731.16.43. The /goform/formJsonAjaxReq POST endpoint mishandles set_timesetting with ntpserver0; setting a username=admin cookie bypasses session checks and allows an unauthenticated attacker to execute arbitrary OS ...

6.5CVSS8AI score0.05765EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/13 12:0 a.m.4 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

7.2AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.6 views

PT-2025-33067 · Unknown · Shenzhen Tuoshi Nr500-Ea +1

Name of the Vulnerable Software and Affected Versions: Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC version 3.4.2731.16.43 Description: Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices enable the SSH service by default. A hidden, hard-coded root account exists that cannot be disabled through th...

9.8CVSS7.3AI score0.00338EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/07/02 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-53944

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUIv1.0.1802.10.08P4 and LT21B devices through M7628xUSAxUIv2v1.0.1481.15.02P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq...

9.8CVSS6.1AI score0.39247EPSS
In wildExploits0References137
RedhatCVE
RedhatCVE
added 2025/05/23 7:30 a.m.6 views

CVE-2024-48440

Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...

8.8CVSS8AI score0.01632EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:15 a.m.9 views

CVE-2024-48442

Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...

6.5CVSS6.9AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/01 12:19 a.m.7 views

CVE-2024-53944

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUIv1.0.1802.10.08P4 and LT21B devices through M7628xUSAxUIv2v1.0.1481.15.02P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq...

9.8CVSS8.6AI score0.39247EPSS
Exploits0References1
NVD
NVD
added 2025/02/27 8:16 p.m.6 views

CVE-2024-53944

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUIv1.0.1802.10.08P4 and LT21B devices through M7628xUSAxUIv2v1.0.1481.15.02P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq...

9.8CVSS0.39247EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/02/27 12:0 a.m.6 views

CVE-2024-53944

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUIv1.0.1802.10.08P4 and LT21B devices through M7628xUSAxUIv2v1.0.1481.15.02P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq...

10AI score0.39247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/02/27 12:0 a.m.4 views

PT-2025-8982

Name of the Vulnerable Software and Affected Versions Tuoshi/Dionlink LT15D 4G Wi-Fi devices version M7628NNxlSPv2xUI v1.0.1802.10.08 P4 Tuoshi/Dionlink LT21B devices version M7628xUSAxUIv2 v1.0.1481.15.02 P0 Description An issue allows a remote attacker with network access to exploit a command...

9.8CVSS8AI score0.39247EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/02/27 12:0 a.m.5 views

Tuoshi LT15D 安全漏洞

Tuoshi LT15D is a wireless router from China's Tuoshi Tuoshi. A security vulnerability exists in the Tuoshi LT15D that originates from the /goform/formJsonAjaxReq endpoint that does not clean up shell metacharacters, allowing an unauthenticated, remote attacker to execute arbitrary OS commands...

9.8CVSS7.4AI score0.39247EPSS
Exploits0References6
CVE
CVE
added 2025/02/27 12:0 a.m.51 views

CVE-2024-53944

CVE-2024-53944 affects Tuoshi/Dionlink LT15D 4G and LT21B devices (M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and M7628xUSAxUIv2_v1.0.1481.15.02_P0). The issue is a command injection via /goform/formJsonAjaxReq where JSON parameters aren’t sanitized, allowing unauthenticated network‑remote attackers to ...

9.8CVSS8.6AI score0.39247EPSS
In wildExploits0References5
NVD
NVD
added 2024/10/24 6:15 p.m.11 views

CVE-2024-48440

Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...

8.8CVSS0.01632EPSS
Exploits0References1
Rows per page
Query Builder