16812 matches found
CVE-2025-13399
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
CVE-2026-1498 WatchGuard Firebox LDAP Injection
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...
CVE-2025-69929
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format...
LocalSend cross-site scripting vulnerability
LocalSend is an open-source alternative to AirDrop developed by LocalSend. Versions of LocalSend 1.17.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web interface client’s logic, which posed a risk of cross-site scripting attacks, potentially...
D-Link DSL-6641K has a code injection vulnerability
The D-Link DSL-6641K is a router produced by D-Link Corporation. The D-Link DSL-6641K N8.TR069.20131126 contains a code injection vulnerability. This vulnerability stems from incorrect handling of parameters named “Name” within the web interface components, which may lead to cross-site scripting...
PT-2026-5462
Name of the Vulnerable Software and Affected Versions D-Link DSL-6641K version N8.TR069.20131126 Description A flaw exists within the Web Interface component of the device, specifically in the ad virtual server vdsl function. Manipulating the Name argument can lead to cross site scripting. This...
CVE-2025-69929
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format...
CVE-2025-15548
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality...
CVE-2025-13399
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti " port port="80" protocol="tcp" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="" port port="443" protocol="tcp" accept' firewall-cmd --reload Replace with the actual IP address or...
CVE-2026-1601 Totolink A7000R cstecgi.cgi setUploadUserData command injection
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...
CVE-2025-15548 Missing Application-Layer Encryption in Web Interface Endpoints on TP-Link VX800v
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality...
CVE-2025-15548 Missing Application-Layer Encryption in Web Interface Endpoints on TP-Link VX800v
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality...
CVE-2025-13399
The CVE-2025-13399 entry covers a weakness in the VX800v v1.0 web interface where the application-layer encryption uses a weak AES key. An adjacent attacker can brute-force this key to decrypt intercepted traffic without authentication. Impact is described as high for confidentiality, integrity, ...
EUVD-2025-206515
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
CVE-2025-13399 Insecure Encryption in Communication with the Web Interface on TP-Link VX800v
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
CVE-2025-13399
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
CVE-2025-69929
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format...
PT-2026-5319
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
TP-Link VX800v security vulnerability
The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from weaknesses in the Web interface’s application layer encryption. It could allow adjacent attackers to brute-force the weak AES key and...