9 matches found
CVE-2026-25071
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
CVE-2026-25071
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
CVE-2026-25071
CVE-2026-25071 affects XikeStor SKS8310-8X network switch firmware version 1.04.B07 and earlier. The vulnerability is a missing authentication on the /switch_config.src endpoint, allowing unauthenticated remote attackers to download device configuration files, potentially exposing sensitive VLAN ...
CVE-2026-25071 XikeStor SKS8310-8X switch_config.src Missing Authentication
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.
The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
CVE-2024-48637
D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...
CVE-2024-48635
D-Link DIR-882 (firmware FW130B06) and DIR-878 (firmware FW130B08) expose a command injection in SetVLANSettings. The root cause is a lack of neutralization of special elements in the VLANID:2/VID parameter, allowing an attacker to run arbitrary OS commands via a crafted POST request. Public sour...
PT-2024-7094 · D Link · D-Link Dir-878 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions FW130B06 D-Link DIR-878 version FW130B08 Description: A command injection issue exists in the SetVLANSettings function due to insufficient neutralization of special elements used in an OS command. This allows attackers...
PT-2024-7035 · D Link · D-Link Dir-878 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions FW130B06 D-Link DIR-878 versions FW130B08 Description: A command injection issue exists due to the lack of neutralization of special elements used in the operating system command in the SetVLANSettings function. This...