9 matches found
CVE-2026-61875
luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...
CVE-2026-61875
The vulnerability is in luci-app-upnp (OpenWrt LuCI) and is a stored cross-site scripting (XSS) flaw in the UPnP IGD AddPortMapping SOAP request. An unauthenticated LAN client can submit malicious HTML in the NewPortMappingDescription field; miniupnpd stores it and luci-app-upnp renders it withou...
CVE-2026-36611
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...
CVE-2026-36608
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...
CVE-2026-36611
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...
CVE-2023-35722
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...
NETGEAR RAX30 安全漏洞
The NETGEAR RAX30 is a wireless router from NETGEAR. The NETGEAR RAX30 suffers from a command injection vulnerability that stems from a command injection vulnerability when processing UPnP port mapping requests, which can be exploited by an attacker to execute arbitrary commands...
PT-2023-3417 · NetGear · Netgear Rax30
Name of the Vulnerable Software and Affected Versions: NETGEAR RAX30 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this issue. The...
openSUSE Security Update : tor (openSUSE-SU-2014:0719-1) (Heartbleed)
tor 0.2.4.22 bnc878486 Tor was updated to the recommended version of the 0.2.4.x series. - major features in 0.2.4.x : - improved client resilience - support better link encryption with forward secrecy - new NTor circuit handshake - change relay queue for circuit create requests from size-based...