104 matches found
CVE-2012-2439
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors...
CVE-2024-6199
An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS DDNS traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem...
CVE-2024-6199
An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS DDNS traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem...
CVE-2024-6199
CVE-2024-6199 describes an unauthenticated remote code execution vector on the WAN interface via interception of Dynamic DNS (DDNS) traffic, enabling an attacker to inject responses that trigger a buffer overflow in the modem. Reported impact includes ability to execute code on affected devices, ...
PT-2025-17903 · Viasat · Eg1000 +4
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS DDNS traffic between DDNS services and the modem, could manipulate specific responses to include...
CVE-2024-41992
Wi-Fi Alliance wfadut in Wi-Fi Test Suite through 9.0.0 allows OS command injection via 802.11x frames because the system library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a L...
CVE-2024-41992
Wi-Fi Alliance wfadut in Wi-Fi Test Suite through 9.0.0 allows OS command injection via 802.11x frames because the system library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a L...
CVE-2024-41992
Wi-Fi Alliance wfadut in Wi-Fi Test Suite through 9.0.0 allows OS command injection via 802.11x frames because the system library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a L...
CVE-2024-41992
The CVE-2024-41992 entry concerns the Wi‑Fi Alliance’s wfa_dut (Wi‑Fi Test Suite) up to version 9.0.0, where OS command injection is possible because the code uses the system() library function. Affected Arcadyan FMIMG51AX000J devices can achieve remote code execution as root (example: wfaTGSendP...
Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)
Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...
CVE-2024-4173
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav...
CVE-2024-4173
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav...
CVE-2024-4173 SANnav versions exposes Kafka in the wan interface.
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav...
CVE-2024-4173
CVE-2024-4173 affects Brocade SANnav. Public docs show that Kafka is exposed on the WAN interface and, in SANnav versions prior to 2.2.0, the Kafka process runs as root with default credentials, enabling unauthenticated access that could lead to DOS among other attacks. The issue is documented by...
Broadcom Brocade SANnav 安全漏洞
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav versions prior to v2.2.0 that stems from exposing Kafka in the WAN interface, which could allow an unauthenticated attacker to perform various attacks...
Brocade SANnav exposes Kafka in the wan interface (CVE-2024-4173)
Brocade SANnav ports used by Kafka are open for the entire wan vs being limited to only the FabricOS switches discovered by the SANnav. Additionally, in Brocade SANnav versions priorto version v2.2.0, the Kafka process is started as a root user using defaultcredentials. The vulnerability could...
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. (CVE-2024-29964)
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files...
CVE-2023-31728
Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface...
CVE-2023-31808
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled...
CVE-2023-31808
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled...