EUVD-2023-44204

Malicious code in bioql PyPI...

Tenda RX3 Buffer Overflow Vulnerability

Tenda RX3 is a dual-band WiFi 6 home wireless router from Tenda China. It is used for home network coverage and supports high-speed wireless connection. A buffer overflow vulnerability exists in Tenda RX3 version 16.03.13.11multiTDE01, which originates from the parameter list in the file...

CVE-2024-28729

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M1.34ME allows a local attacker to execute arbitrary code via a crafted request...

Tenda RX2 Pro Information Disclosure Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an information disclosure vulnerability that can be exploited by an attacker to collect credentials for authentication...

Tenda RX2 Pro Access Control Error Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an access control error vulnerability that can be exploited by an attacker to enable ate management binary...

Tenda RX2 Pro ate Management Service Input Validation Error Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an input validation error vulnerability that stems from a lack of input validation in the ate management service, no details of the vulnerability are provided at this time...

Tenda RX2 Pro Access Control Error Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. An Access Control Error vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which stems from a lack of access control in the ate management binary, and can be exploited by an attacker to cause unauthorized...

Tenda RX2 Pro Information Disclosure Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. An information disclosure vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which can be exploited by an attacker to potentially cause decryption of encrypted messages...

Tenda RX3 SetPptpServerCfg Buffer Overflow Vulnerability

Tenda RX3 is a dual-band WiFi 6 home wireless router from Tenda China. It is used for home network coverage and supports high-speed wireless connection. The Tenda RX3 suffers from a SetPptpServerCfg buffer overflow vulnerability, which originates from the startIp and endIp parameters in...

CVE-2024-53937

An issue was discovered on Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions...

CVE-2024-53939

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The /cgi-bin/luci/admin/opsw/Dualfrequnapple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on t...

CVE-2024-53940

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling...

CVE-2024-53938

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely witho...

CVE-2024-53941

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. A remote attacker in proximity to a Wi-Fi network can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID...

CVE-2024-53940

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling...

CVE-2024-53939

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The /cgi-bin/luci/admin/opsw/Dualfrequnapple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on t...

CVE-2024-53941

CVE-2024-53941 affects the Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0). The issue allows a nearby attacker to derive the default Wi‑Fi PSK value from the last 4 octets of the BSSID, enabling potential unauthenticated access to protected wireless networks. Impact is ...

CVE-2024-53938

CVE-2024-53938 affects Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0). The TELNET service is enabled by default and exposed on the LAN; the root account is accessible without a password, allowing attackers to gain full control remotely without authentication. This is d...

CVE-2024-53937

An issue was discovered on Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions...

CVE-2024-53941

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. A remote attacker in proximity to a Wi-Fi network can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID...