61 matches found
CVE-2026-10127
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has...
EUVD-2020-19887
Malware in sbrugna...
EUVD-2018-4297
Malware in sbrugna...
CVE-2025-11301
A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be...
EUVD-2025-30228
Malicious code in bioql PyPI...
EUVD-2022-26388
Malicious code in bioql PyPI...
EUVD-2025-1788
Malicious code in bioql PyPI...
CVE-2025-7770 Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...
CVE-2023-24147
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini...
PT-2025-16977 · D Link · Dir 832
Name of the Vulnerable Software and Affected Versions: dlink DIR 832x version 240802 Description: The issue allows a remote attacker to execute arbitrary code via the target addr key value and the function 0x41737c. This enables the attacker to potentially gain control over the device...
CVE-2024-9200
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15ABQA.2.2C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on a vulnerable devi...
CVE-2024-9200
CVE-2024-9200 describes a post-authentication command injection in the Zyxel VMG4005-B50A diagnostic function via the vulnerable host parameter. A user with administrator privileges can trigger OS commands on the device. Affected firmware: through V5.15(ABQA.2.2)C0. Root cause: lack of input hand...
CVE-2024-8748
The CVE-2024-8748 entry describes a buffer overflow in the packet parser of the third‑party library libclinkc used by Zyxel VMG8825‑T50K firmware up to V5.50(ABOM.8.4)C0. This can allow a remote attacker to cause a temporary DoS of the device web management interface by sending a crafted HTTP POS...
CVE-2024-44402
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via mspinfo.htm...
CVE-2024-29975
UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...
CVE-2023-37929
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50ABPM.8C0 could allow an authenticated remote attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...
CVE-2023-37929
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50ABPM.8C0 could allow an authenticated remote attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...
CVE-2023-37929
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50ABPM.8C0 could allow an authenticated remote attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...
CVE-2023-37929
CVE-2023-37929 refers to a buffer overflow in the CGI program of the Zyxel VMG3625-T50B firmware (V5.50(ABPM.8)C0). The vulnerability allows an authenticated remote attacker to trigger denial of service by sending a crafted HTTP request to the affected device. CVSSv3.1 metrics indicate an attacke...
CVE-2023-38296
Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...