50 matches found
CVE-2018-25151
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
CVE-2018-25151 Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
CVE-2018-25151 Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
Ecessa WANWorx WVR-30 跨站请求伪造漏洞
The Ecessa WANWorx WVR-30 is a software-defined WAN appliance from Ecessa Corporation, USA. A cross-site request forgery vulnerability exists in the Ecessa WANWorx WVR-30 versions prior to 10.7.4, which stems from susceptibility to a cross-site request forgery attack that could lead to the...
Ecessa WANWorx WVR-30 10.7.4 Add Superuser Cross Site Request Forgery
form action="https://127.0.0.1/cgi-bin/plweb.cgi/utilconfiglogi...
CVE-2017-15635
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the maxconn variable in the sessionlimits.lua file...
CVE-2017-15629
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptpclient.lua file...
CVE-2017-15622
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptpclient.lua file...
CVE-2017-15613
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file...
CVE-2017-15614
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptpclient.lua file...
Command injection
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptpclient.lua file...
Command injection
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file...
CVE-2017-15617
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interfacewan.lua file...
CVE-2017-15625
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptpclient.lua file...
Command injection
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file...
Command injection
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptpserver.lua file...
CVE-2017-15625
CVE-2017-15625 affects TP-Link WVR, WAR and ER devices. The issue is a command injection in the pptp_client.lua file via the new-olmode variable, exploitable by remote authenticated administrators to execute arbitrary commands. The description indicates a high-severity impact with potential confi...
CVE-2017-15623
Technical details for CVE-2017-15623 are not publicly available in the provided documents. The initial description indicates a command-injection in TP-Link devices, but no verifiable specifics, affected products, or fixes are supplied here. Monitor for updates.
CVE-2017-15629
Technical details for CVE-2017-15629 are not publicly available in the provided documents. Monitor for updates; the connected EUVD entries reference malware but do not supply CVE specifics.
CVE-2017-15633
Technical details for CVE-2017-15633 are not provided in the connected documents. The available sources describe the vulnerability at a high level; monitor for updates regarding affected products, impact, or mitigations.