15 matches found
CVE-2022-4982
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
EUVD-2022-52940
Malicious code in bioql PyPI...
CVE-2025-9357 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchByBBS stack-based overflow
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument langSelectionOnly leads to stack-bas...
CVE-2021-39291
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800...
Zyxel VMG8825-T50K 操作系统命令注入漏洞
The Zyxel VMG8825-T50K is an Internet access device from China Hopkins Zyxel. An operating system command injection vulnerability exists in Zyxel VMG8825-T50K V5.50ABOM.8.5C0 and earlier versions, which stems from a command injection in the DNSServer parameter in the diagnostic function, which...
Design/Logic Flaw
Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...
PT-2022-4660 · Zyxel · Zyxel Nas326 +2
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 firmware versions prior to V5.21AAZF.12C0 Zyxel NAS540 firmware versions prior to V5.21AAZF.12C0 Zyxel NAS542 firmware versions prior to V5.21AAZF.12C0 Description: A format string vulnerability could allow an attacker to achieve...
Netgear WNR3500L和NETGEAR 加密问题漏洞
Netgear WNR3500L and NETGEAR are both products of Netgear, Inc.WNR3500L is a wireless router.NETGEAR is a router. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR devices that stems from the fact that some...
Tenda AC11 缓冲区错误漏洞
The Tenda AC11 is an AC1200 dual-band Gigabit WiFi router. A stack buffer overflow vulnerability exists in /gofrom/setwanType in the Tenda AC11 02.03.01.104CN and earlier firmware. An attacker can exploit this vulnerability to execute arbitrary code on the system via a specially crafted post...
CVE-2020-35814
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30,...
Certain NETGEAR devices Cross-Site Scripting Vulnerability
Netgear NETGEAR is a router from the American company Netgear. It is a hardware device that connects two or more networks and acts as a gateway between networks. A cross-site scripting vulnerability exists in Certain NETGEAR devices and affects the following products and versions: D7800 before...
CVE-2019-20717
Certain NETGEAR devices are affected by denial of service. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, EX2700 before 1.0.1.52, EX6200v2 before 1.0.1.74, EX8000 before 1.0.1.180, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, RBK20 before 2.3.0.28, RBR20 befo...
TP-Link TL-WR886N Denial of Service Vulnerability
The TP-Link TL-WR886N is a wireless router product from China P&L TP-LINK. A security vulnerability exists in TP-Link TL-WR886N version 6.0 2.3.4 and 7.0 1.1.0. An attacker can exploit the vulnerability by sending a request with long JSON data to cause the router service to crash...
CVE-2017-2186
HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI...
Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) Exploit
Exploit for hardware platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' Payload working status: MIPS: - all valid payloads working the ones that we are able to send...