CVE-2021-34861

This CVE affects D-Link DAP-2020 routers, specifically version 1.01rc001, where the webproc endpoint handling on TCP port 80 does improper length validation of user data, causing a stack-based overflow that can allow root-level code execution by network-adjacent attackers with no authentication. ...

D-Link DAP-2020 Stack Buffer Overflow Vulnerability (CNVD-2021-67522)

The D-Link DAP-2020 is a wireless N access point. A stack buffer overflow vulnerability exists in the D-Link DAP-2020, which is caused by a failure to properly boundary check in the webproc endpoint. An attacker could exploit the vulnerability to cause a buffer overflow and execute arbitrary code...

D-Link DAP-2020 Stack Buffer Overflow Vulnerability (CNVD-2021-67523)

The D-Link DAP-2020 is a wireless N access point. The D-Link DAP-2020 is vulnerable to a stack buffer overflow vulnerability caused by incorrect boundary checking of the var:menu parameter in the webproc endpoint, which could be exploited by an attacker to cause a buffer overflow and execute...

D-Link DAP-2020 Stack Buffer Overflow Vulnerability

The D-Link DAP-2020 is a wireless N access point. A stack buffer overflow vulnerability exists in the D-Link DAP-2020, which is caused by incorrect boundary checking of the var:page parameter in the webproc endpoint. An attacker could exploit the vulnerability to cause a buffer overflow and execu...

D-Link DAP-2020 安全漏洞

The D-Link DAP-2020 is a wireless N access point. A stack buffer overflow vulnerability exists in the D-Link DAP-2020, which is caused by a failure to properly boundary check in the webproc endpoint. An attacker could exploit the vulnerability to cause a buffer overflow and execute arbitrary code...

D-Link DAP-2020 安全漏洞

The D-Link DAP-2020 is a wireless N access point. The D-Link DAP-2020 is vulnerable to a stack buffer overflow vulnerability caused by incorrect boundary checking of the var:menu parameter in the webproc endpoint, which could be exploited by an attacker to cause a buffer overflow and execute...

D-Link DAP-2020 安全漏洞

The D-Link DAP-2020 is a wireless N access point. A stack buffer overflow vulnerability exists in the D-Link DAP-2020, which is caused by incorrect boundary checking of the var:page parameter in the webproc endpoint. An attacker could exploit the vulnerability to cause a buffer overflow and execu...

PT-2021-20708 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...

PT-2020-6512 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to a stack-based buffer overflow when handling the var:menu parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of...

PT-2020-6504 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to a stack-based buffer overflow when handling the var:page parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of...

PT-2020-6515 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 routers. Authentication is not required to exploit this issue. The specific fla...

CVE-2016-11015

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.XTWSZ-COMURLFilter.BlackList.1.URL parameter...

CVE-2016-11016

NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS...

Cross site scripting

NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS...

Cross site request forgery (csrf)

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.XTWSZ-COMURLFilter.BlackList.1.URL parameter...

CVE-2016-11016

NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS...

PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery

Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Cross-Site Request Forgery CSRF Date: 14/01/2019 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-cross-site-request-forgery-csrf/ Vendor: ChinaMobile Category: Hardware Version:...

PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery

Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Cross-Site Request Forgery CSRF Date: 15/01/2019 Exploit Author: Kumar Saurav Vendor: ChinaMobile Category: Hardware Version: GPN2.4P21-C-CN Firmware: W2001EN-00 Tested on: Windows CVE : CVE-2019-6282 Description: ChinaMobile PLC Wireless Router...

CVE-2018-20326

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter...

CVE-2018-20326

CVE-2018-20326 affects ChinaMobile PLC Wireless Router GPN2.4P21-C-CN running firmware W2001EN-00. The vulnerability is a Cross‑Site Scripting (XSS) issue exploitable via the CGI path cgi-bin/webproc?getpage=html/index.html with the var:subpage parameter (reflected/XSS). Public analyses and explo...