94 matches found
PT-2022-4903 · NetGear · Netgear N300
Name of the Vulnerable Software and Affected Versions: Netgear N300 wireless router version 1.0.0.70 Description: The issue is related to a stack overflow via strcpy in uhttpd, which can lead to a buffer overflow when processing configuration files in the uHTTPd web server. This can potentially...
VulnCheck KEV: CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
Tp-link Tapo C200 Command Injection Vulnerability
A command injection vulnerability exists in Tp-link Tapo C200 1.1.15 and previous firmware versions, which is caused by the presence of a uhttpd binary file that runs as root by default and lacks filtering and escaping. An unauthenticated attacker could use this vulnerability to execute system...
CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
Default configuration
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
Tp-link Tapo C200 命令注入漏洞
A command injection vulnerability exists in Tp-link Tapo C200 1.1.15 and previous firmware versions, which is caused by the presence of a uhttpd binary file that runs as root by default and lacks filtering and escaping. An unauthenticated attacker could use this vulnerability to execute system...
CVE-2021-4045 TP-LINK Tapo C200 remote code execution vulnerability
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
CVE-2021-4045
CVE-2021-4045 affects Tp-Link Tapo C200 IP cameras running firmware 1.1.15 and earlier. The vulnerability arises from a root-running uhttpd binary that does not properly filter/escape input, enabling an unauthenticated remote command execution (RCE) and full device compromise. Public documents co...
PT-2022-2572 · Tp Link · Tp-Link Tapo C200
Name of the Vulnerable Software and Affected Versions: TP-Link Tapo C200 version 1.1.15 and below Description: The issue is related to an unauthenticated remote code execution RCE vulnerability in the uhttpd binary, which runs by default as root. This vulnerability is caused by a lack of input da...
CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
PT-2022-4911 · NetGear · Netgear N300 Wireless Router
Name of the Vulnerable Software and Affected Versions: Netgear N300 wireless router wnr2000v4 version V1.0.0.70 Description: The issue is related to a buffer overflow vulnerability caused by the strcpy function in the uhttpd web server, which can lead to a stack overflow. This vulnerability can b...
Exploit for Command Injection in Tp-Link Tapo_C200_Firmware
CVE-2021-4045 CVE-2021-4045 is a Command Injection vulnerabil...
CVE-2021-25811
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listenhttplan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listenhttplan parameter to uhttpd.json is manual...
CVE-2021-25811
CVE-2021-25811 affects MERCUSYS Mercury X18G 1.0.5. A DoS can be triggered by a crafted value sent via POST to listen_http_lan, and after reboot the webserver may be inaccessible until the listen_http_lan value in uhttpd.json is corrected. No exploitation details are provided in the available doc...
CVE-2020-27865
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on T...
CVE-2020-27865
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on T...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on T...
CVE-2020-27865
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on T...
CVE-2020-27865
The CVE-2020-27865 entry concerns the D-Link DAP-1860 WiFi extender (firmware 1.04B03). A flaw in the uhttpd service causes incorrect string matching when accessing protected pages, enabling network-adjacent attackers to bypass authentication and execute arbitrary code with device privileges. Mul...