6 matches found
CVE-2024-23766
An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway or at least most of its modules. An attacker can use this feature to carry out a denial of...
CVE-2024-23766
CVE-2024-23766 affects HMS Anybus X-Gateway AB7832-F 3 devices, where an unauthenticated GET request to a specific URL on port 80 can reboot the gateway or many modules, enabling DoS via repeated requests. Documented impact is availability loss (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; bas...
CVE-2021-41553
In ARCHIBUS Web Central 21.3.3.815 (2014), the Web Application at /archibus/login.axvw assigns a session token that can already be in use by another user. After login, the app does not issue a new token, continuing to use the inserted token as the session identifier. It is also possible to set th...
Cross-site request forgery (CSRF)
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request...
Cross-site request forgery (CSRF)
An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...
CVE-2019-20487
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request exploitable directly or through CSRF, as demonstrated by the setup.cgi?todo=savehtpaccount URI...