28 matches found
EUVD-2019-18539
Malware in sbrugna...
EUVD-2018-3874
Malware in sbrugna...
EUVD-2020-15810
Malware in sbrugna...
EUVD-2019-18538
Malware in sbrugna...
CVE-2020-23055
ANCOM WLAN Controller Wireless Series & Hotspot WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the /authen/start/ module via the userid and password parameters...
CVE-2022-20769 Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller WLC AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient error validation. An attacker coul...
Authentication flaw
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of...
CVE-2020-23055
ANCOM WLAN Controller Wireless Series & Hotspot WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the /authen/start/ module via the userid and password parameters...
Cross site scripting
ANCOM WLAN Controller Wireless Series & Hotspot WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the /authen/start/ module via the userid and password parameters...
CVE-2020-23055
ANCOM WLAN Controller Wireless Series & Hotspot WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the /authen/start/ module via the userid and password parameters...
CVE-2020-23055
CVE-2020-23055 affects ANCOM WLAN Controller models WLC-1000 and WLC-4006. The devices were found to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module, exploitable via the userid and password parameters. The issue is documented with CVSS metrics: CVSS v3.1 b...
LANCOM WLAN Controller Cross Site Scripting
Document Title: =============== LANCOM WLAN Controller - Multiple Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2196 Vulnerability Magazine:...
DeepSync Sundray WLAN Controller Command Injection Vulnerability
Sundray WLAN Controller Sundray WAC is a set of wireless LAN controller software from China Sundray Network Technology Sundray. A security vulnerability exists in Sundray WAC 3.7.4.2 and previous versions of WAC. The vulnerability can be exploited by a remote attacker to read the...
Remote code execution
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginxwebconsole.php Cookie header can be used to read an etc/config/wac/wnscfgadmindetail.xm...
CVE-2019-9161
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginxwebconsole.php Cookie header can be used to read an etc/config/wac/wnscfgadmindetail.xm...
Design/Logic Flaw
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH on TCP port 22345 and escalate to root because the password for root is the WebUI admin password concatenated with a static string...
CVE-2019-9160
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH on TCP port 22345 and escalate to root because the password for root is the WebUI admin password concatenated with a static string...
CVE-2019-9161
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginxwebconsole.php Cookie header can be used to read an etc/config/wac/wnscfgadmindetail.xm...
CVE-2019-9161
CVE-2019-9161 affects Sangfor Sundray WLAN Controller (WAC) versions 3.7.4.2 and earlier. The issue is a remote code execution vulnerability where shell metacharacters in the nginx_webconsole.php Cookie header allow an attacker to read /etc/config/wac/wns_cfg_admin_detail.xml, exposing the admin ...
CVE-2019-9160
The CVE-2019-9160 issue affects Sangfor Sundray/WAC, specifically version 3.7.4.2 and earlier. It enables a backdoor SSH login on TCP 22345, allowing remote access beyond the WebUI and enabling root escalation because the root password is the WebUI admin password concatenated with a static string...