59 matches found
EUVD-2024-28150
Malicious code in bioql PyPI...
EUVD-2024-28151
Malicious code in bioql PyPI...
EUVD-2023-41454
Malicious code in bioql PyPI...
JVN#39435597: Multiple vulnerabilities in ELECOM wireless LAN routers
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score 4...
CVE-2024-21798
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...
CVE-2023-37561
Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12...
CVE-2023-39455
OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all...
CVE-2024-30219
Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZK-MF300N is no longer supported, therefore the update for...
CVE-2024-30220
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this...
JVN#12824024: BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection
Wireless LAN routers and wireless LAN repeaters provided by BUFFALO INC. contain an OS command injection vulnerability CWE-78. Impact If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS...
CVE-2024-34021
Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution...
CVE-2024-40883
CVE-2024-40883 is a Cross-site request forgery vulnerability in ELECOM wireless LAN routers. The issue occurs when an administrator views a malicious page while logged into affected devices, which may cause unintended actions such as changing login credentials. Connected documents identify affect...
CVE-2024-40883
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc...
CVE-2024-39607
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command...
JVN#06672778: Multiple vulnerabilities in ELECOM wireless LAN routers
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type CWE-434 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-34021 OS Command Injection CWE-78...
CVE-2024-26023
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands...
CVE-2024-23486
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials...
CVE-2024-26023
CVE-2024-26023 affects BUFFALO wireless LAN routers. Affected component: BUFFALO WLR/WSR/WCR series firmware; vulnerability allows a logged-in user to execute arbitrary OS commands (OS command injection). Root cause and impact are described as command execution with local access; CVSS v3.1 base s...
CVE-2024-23486
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials...
PT-2024-21282 · Buffalo · Buffalo Wireless Lan Routers
Name of the Vulnerable Software and Affected Versions: BUFFALO wireless LAN routers affected versions not specified Description: The issue allows a logged-in user to execute arbitrary OS commands, which is an OS command injection vulnerability in BUFFALO wireless LAN routers. Recommendations: At...