CVE-2026-50224
CVE-2026-50224 describes a web administration panel that binds broadly to the public IPv6 space at [::]:8080 with no default firewall limits, making internal API endpoints reachable over the WAN. The NVD entry cites a network attack vector with low exploit complexity and no user interactio...
CVE-2023-53881
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by...
EUVD-2021-6816
Malicious code in bioql PyPI...
PT-2025-36367
Name of the Vulnerable Software and Affected Versions: TP-Link AX10 versions prior to 1.2.1; TP-Link AX1500 versions prior to 1.3.11. Description: A flaw exists in the CWMP/TR-069 binary of TP-Link AX10 and AX1500 routers that could allow an authenticated attacker to remotely execute arbitrary...
Cisco SD-WAN vManage Security Vulnerability
Cisco SD-WAN vManage is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. An access control error vulnerability exists in Cisco SD-WAN vManage that stems from improperly enforced access control ...
CVE-2020-10209
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges...
NetGear WNDR Authentication Bypass / Information Disclosure
Discovered by: Peter Adkins. Access: Local network; unauthenticated access. Remote network; unauthenticated access. Tracking and identifiers: CVE - Mitre contacted; not yet allocated. Platforms...
NetGear WNDR Authentication Bypass / Information Disclosure
A number of NetGear WNDR devices contain an embedded SOAP service that is seemingly for use with the NetGear Genie application. This service allows for viewing and setting of certain router parameters. This SOAP service is prone to an authentication bypass. SPDX-FileCopyrightText: 2015 Greenbone ...
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00283)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol (CWMP)", which defines the application layer protocol for remote management of end devices. An arbitrary code execution vulnerability exists in TR-069 Auto Configuration Server. A remote attacker can exploit this...