16 matches found
CVE-2025-15256 Edimax BR-6208AC Web-based Configuration formStaDrvSetup command injection
A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack i...
EUVD-2025-36506
The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute sever...
CVE-2025-1036
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device...
EUVD-2007-3486
Malware in sbrugna...
SolaX Pocket WiFi Security Vulnerability
SolaX Power SolaX Pocket WiFi is a portable WiFi from SolaX Power. A security vulnerability exists in SolaX Pocket WiFi version 3 through 3.001.02, which stems from a WiFi network that provides a web-based configuration utility and an unauthenticated ModBus protocol interface...
CVE-2023-35835
The CVE-2023-35835 issue affects SolaX Pocket WiFi (versions 3–3.001.02) where the device exposes a WiFi access point for initial configuration that lacks network authentication and remains active after setup, paired with an unauthenticated ModBus interface and a web-based configuration utility. ...
Nagios XI SQL Injection Vulnerability (CNVD-2021-90908)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization. A SQL injection vulnerability exists in the bulk modification feature of Nagios XI versions prior to 5.8.5. An attacker could exploit...
Nagios XI file inclusion vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization. A local file inclusion vulnerability exists in versions of Nagios XI prior to 5.8.5. The vulnerability stems from an improper...
Command injection
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability...
CVE-2019-12103
The CVE-2019-12103 issue affects TP-Link M7350 V3 with firmware before 190531. The web-based configuration interface is vulnerable to a pre-authentication command injection, enabling an attacker to execute commands without authentication. Red Hat and CNVD entries corroborate the same pre-auth vul...
Nagios XI < 2012R2.4 SQL Injection Vulnerability (deprecated)
Binary data 7138.pasl...
FreePBX 2.10.0, 2.9.0 Multiple Vulnerabilities
Exploit for php platform in category web applications Product: FreePBX Version: 2.10.0, 2.9.0 and perhaps earlier versions Type: Remote Command Execution, XSS Release Date: March 14, 2012 Vendor Notification Date: Jun 12, 2011 Author: Martin Tschirsich Overview: A remote command execution...
FreePBX 2.10.0 Remote Command Execution / XSS
Product: FreePBX Version: 2.10.0, 2.9.0 and perhaps earlier versions Type: Remote Command Execution, XSS Release Date: March 14, 2012 Vendor Notification Date: Jun 12, 2011 Author: Martin Tschirsich Overview: A remote command execution vulnerability and some XSS in current and earlier FreePBX...
Design/Logic Flaw
Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts. NOTE: it is possible that this...
CVE-2001-1065
CVE-2001-1065 affects Cisco 600-series routers running CBOS 2.0.1–2.4.2ap, where the web-based configuration utility binds to port 80 even when web configuration services are disabled. This could leave the device accessible to an attacker via the web interface. Root cause: the process binds port ...
CBOS Web-based Configuration Utility Vulnerability
...