CVE-2025-40597
Summary: CVE-2025-40597 is a heap-based buffer overflow in the SonicWall SMA100 series web interface, allowing remote, unauthenticated attackers to cause DoS or potentially execute code. Affected software: SonicWall SMA100 series (web interface). Impact: Denial of Service and potential code execu...
CVE-2025-40597
A heap-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution...
CVE-2025-40596
A stack-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution...
CVE-2025-40596
CVE-2025-40596 affects SonicWall SMA100 series Web Interface: a stack-based buffer overflow in the SMA100 web UI can be triggered remotely (no auth) and may cause DoS or, per the description, potentially enable code execution. The available sources confirm the vulnerability class and impact vecto...
CVE-2025-41684
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface endpoint tls_iotgen_setting...
CVE-2025-41684
An authenticated remote attacker can execute arbitrary commands with root privileges via the tls_iotgen_setting endpoint in the Main Web Interface of affected Apache IoT devices. Root cause is improper sanitizing of user input, enabling command injection. Impact is full control of the device at r...
CVE-2025-41683 Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface endpoint event_mail_test...
CVE-2025-46120
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a...
Weidmueller multiple products: operating system command injection vulnerability
The Weidmueller IE-SR-2TX-WL, among others, is an industrial-grade security router from Weidmueller, Germany. An operating system command injection vulnerability exists in several Weidmueller products. The vulnerability stems from improper cleanup of user input in the main web interface, which...
The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface allows a hacker to execute arbitrary commands.
The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface is related to the lack of measures taken to neutralize special elements during the processing of the NTP Server parameter. Exploiting this vulnerability allows a remote attacker to execu...
PT-2025-30589
Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 series. Description: A stack-based buffer overflow vulnerability in the web interface allows a remote, unauthenticated attacker to cause a Denial of Service (DoS) or potentially achieve code execution. Recommendations: At the momen...
The vulnerability in the web interface of the Wi-Fi router TP-Link Archer C1200 allows a hacker to compromise the integrity of the protected information.
The vulnerability of the web interface for managing microprogramming software on the TP-Link Archer C1200 Wi-Fi router is related to improper restrictions on the layers or frames displayed in the user interface. Exploiting this vulnerability allows a malicious actor to compromise the integrity of...
PT-2025-30593
Name of the Vulnerable Software and Affected Versions: SMA100 series (affected versions not specified). Description: A heap-based buffer overflow exists in the web interface. This allows a remote, unauthenticated attacker to cause a Denial of Service (DoS) or potentially achieve code execution...
CVE-2025-41425
DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could allow an attacker to prevent legitimate users from accessing the web interface...
CVE-2025-41425
The CVE-2025-41425 entry concerns the DuraComm SPM-500 DP-10iN-100-MU device, with a cross-site scripting (XSS) vulnerability reported across multiple sources (NVD, RH, CVE list, security advisories). Affected component is the web interface; exploitation could prevent legitimate users from access...
CVE-2025-41425 DuraComm DP-10iN-100-MU Cross-site Scripting
DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could allow an attacker to prevent legitimate users from accessing the web interface...
CVE-2025-7881
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument code leads to weak password recovery. The attack can be initiated remotely. The...
ELECOM WRC-BE36QS-B and ELECOM WRC-W701-B operating system command injection vulnerability
The ELECOM WRC-BE36QS-B and ELECOM WRC-W701-B are both wireless routers from ELECOM Japan. The ELECOM WRC-BE36QS-B and ELECOM WRC-W701-B suffer from an operating system command injection vulnerability that originates from OS command injection in the WebGUI, which could lead to the execution of...
DuraComm SPM-500 DP-10iN-100-MU cross-site scripting vulnerability
The DuraComm SPM-500 DP-10iN-100-MU is a DC power distribution panel from DuraComm USA. A cross-site scripting vulnerability exists in the DuraComm SPM-500 DP-10iN-100-MU, which stems from susceptibility to cross-site scripting attacks that could prevent a legitimate user from accessing the web...