776 matches found
CVE-2019-25719
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attacke...
CVE-2026-20452
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...
EUVD-2026-29942
Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...
EUVD-2026-29939
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...
EUVD-2026-29940
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
EUVD-2026-29941
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...
EUVD-2026-29935
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
CVE-2026-40621
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
CVE-2026-35506
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...
CVE-2026-42961
ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...
CVE-2026-42950
ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...
CVE-2026-42062
ELECOM wireless LAN access point devices are affected by an OS command injection in the processing of the username parameter. A crafted request can execute arbitrary OS commands with no authentication required. Affected versions are not explicitly listed in the provided documents; CVSS metrics in...
CVE-2026-25107
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
CVE-2026-25107
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
ELECOM多款产品 跨站脚本漏洞
ELECOM WAB-MAT, among others, are products of the ELECOM company. ELECOM WAB-MAT is a management tool for enterprise access points. ELECOM WAB represents a series of wireless access points. ELECOM WAB-S300 is a wireless access point. Several ELECOM products have cross-site scripting...
PT-2026-40596
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping ip addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...
PT-2026-40597
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
CVE-2026-20086
A vulnerability in the processing of Control and Provisioning of Wireless Access Points CAPWAP packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...
Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family CAPWAP Denial of Service Vulnerability
A vulnerability in the processing of Control and Provisioning of Wireless Access Points CAPWAP packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...
EUVD-2026-10002
Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution...