tplink-priv-zero

TP-Link TL-WR841N v14 — Authenticated OS Command Injection RC...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/routers/web/repo to version 1.22.5 or...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/routers/web/repo to version 1.22.5 or highe...

D-Link DIR-818L Injection Vulnerability

The D-Link DIR-818L is a WiFi router from the Chinese company AUO D-Link. The D-Link DIR-818L suffers from an injection vulnerability that originates from a misbehavior in the file /htdocs/cgibin, which can be exploited by an attacker to bypass authentication and access restricted data by injecti...

TOTOLINK A3002R 安全漏洞

The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from a command injection vulnerability that stems from the bupload.html...

D-Link DIR-645 Command Injection Vulnerability

D-Link DIR-645 is a Gigabit wireless router for home and SMB users launched by D-Link in 2012. The D-Link DIR-645 suffers from a command injection vulnerability that stems from the failure of the file /htdocs/cgibin function ssdpcgimain in the component ssdpcgi to correctly filter constructed...

The vulnerability of the sys_login function in the /cgi-bin/login.cgi script of the WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 routers allows a hacker to execute arbitrary code.

The vulnerability of the syslogin function in the /cgi-bin/login.cgi script of the WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 routers is related to the copying of buffers without checking the size of the input data during the processing of the loginpage...

D-Link DIR-880L 安全漏洞

The D-Link DIR-880L is a dual-band Gigabit wireless router from China's AUO D-Link. The D-Link DIR-880L suffers from a command injection vulnerability, which arises from the failure of the file /htdocs/ssdpcgi in the component Request Header Handler to correctly filter the constructed command...

TOTOLINK LR1200GB UploadCustomModule function stack buffer overflow vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a stack buffer overflow...

CVE-2023-50089

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication...

Tenda AX12 跨站请求伪造漏洞

Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda, China. A security vulnerability exists in Tenda AX12 version v22.03.01.21CN, which originates from a cross-site request forgery CSRF via /goform/SysToolRestoreSet...

Skipper 代码问题漏洞

Skipper is an HTTP router and reverse proxy for service portfolios. A security vulnerability exists in Zalando Skipper version v0.13.236 that stems from vulnerability to server-side request forgery SSRF attacks...

Malicious code in @eda.yandex/web-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c5a6f22fa46a2434e58223fb9802f0f65d739408da3658b572c9746a8f8f07c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-225 Malicious code in @eda.yandex/web-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c5a6f22fa46a2434e58223fb9802f0f65d739408da3658b572c9746a8f8f07c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...