191 matches found
CVE-2025-9119
The Netis WF2419 router (version 1.2.29433) contains a cross-site scripting vulnerability in the Wireless Settings Page (/index.htm). The vulnerability arises from unsafely handling the SSID parameter, allowing an attacker to inject payload such as to trigger XSS. The attack is remote and has a ...
Netis WF2419 代码注入漏洞
Netis WF2419 is a router from China Tiantan Netis. A code injection vulnerability exists in the Netis WF2419 version 1.2.29433, which originates from the Wireless Settings Page not filtering the SSID parameter, and can be exploited by a remote attacker to trigger a cross-site scripting attack...
PT-2025-33695 · Netis · Netis Wf2419
Name of the Vulnerable Software and Affected Versions: Netis WF2419 version 1.2.29433 Description: A cross-site scripting issue exists in the Wireless Settings Page component, specifically within the /index.htm file. Manipulation of the SSID argument with the input triggers the vulnerability...
CVE-2025-8834
A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. Affected is an unknown function of the file /wireless/basic.asp of the component Wireless Basic Settings Page. The manipulation of the argument Network Name leads to cross site scripting. It is possible to launch the attack...
CVE-2024-29419
There is a Cross-site scripting XSS vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013...
CVE-2019-15393
The Asus ZenFone Live Android device with a build fingerprint of asus/WWPhone/ASUSX00LD3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settings...
CVE-2019-15466
The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakuraindia/sakuraindia:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1715201812191721 that allows...
CVE-2019-15394
The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WWPhone/ASUSX017D1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settin...
CVE-2019-19515
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings...
CVE-2019-15426
The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification via ...
CVE-2019-15422
The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a confused...
CVE-2019-15415
The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1711201803291645 that allows unauthorized wireless settings...
CVE-2019-15421
The Blackview BV7000Pro Android device with a build fingerprint of Blackview/BV7000Pro/BV7000Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings...
CVE-2019-15425
The Kata M4s Android device with a build fingerprint of alps/fullhct675066n/hct675066n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a...
CVE-2019-15424
The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a...
CVE-2019-15427
The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification via a...
Bosch Rexroth ctrlX OS 安全漏洞
Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, Germany, designed as an open control platform for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS that originates from a specially crafted HTTP request in the web...
Tenda AC10 安全漏洞
The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10 suffers from a buffer overflow vulnerability, which originates from the ssid parameter of formfastsettingwifiset contains a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code...
PT-2025-3534 · D Link · D-Link 816
Name of the Vulnerable Software and Affected Versions: D-Link 816A2 FWv1.10CNB05 R1B011D88210 Description: An access control issue in the component form2WlanBasicSetup.cgi allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request to the...
CVE-2023-37325 D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability
D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The...