50 matches found
CVE-2018-25151
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
CVE-2018-25151 Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
CVE-2018-25151 Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
Ecessa WANWorx WVR-30 跨站请求伪造漏洞
The Ecessa WANWorx WVR-30 is a software-defined WAN appliance from Ecessa Corporation, USA. A cross-site request forgery vulnerability exists in the Ecessa WANWorx WVR-30 versions prior to 10.7.4, which stems from susceptibility to a cross-site request forgery attack that could lead to the...
Ecessa WANWorx WVR-30 10.7.4 Add Superuser Cross Site Request Forgery
form action="https://127.0.0.1/cgi-bin/plweb.cgi/utilconfiglogi...
CVE-2017-15629
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptpclient.lua file...
CVE-2017-15635
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the maxconn variable in the sessionlimits.lua file...
Command injection
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptpserver.lua file...
Command injection
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file...
CVE-2017-15614
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptpclient.lua file...
Command injection
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file...
Command injection
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptpclient.lua file...
CVE-2017-15622
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptpclient.lua file...
CVE-2017-15613
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file...
CVE-2017-15625
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptpclient.lua file...
CVE-2017-15617
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interfacewan.lua file...
CVE-2017-15622
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptpclient.lua file...
CVE-2017-15613
Technical details for CVE-2017-15613 are not publicly available in the provided documents; monitor for updates.
CVE-2017-15635
Technical details for CVE-2017-15635 are not publicly provided in the supplied connected documents. Monitor for updates from official advisories; no affected product versions, exploitation status, or remediation are specified here.
CVE-2017-15620
CVE-2017-15620 concerns TP-Link WVR, WAR and ER devices. The issue is a command-injection vulnerability in the ipmac_import.lua file’s new-zone variable that can be exploited by remote authenticated administrators to execute arbitrary commands. This implies attackers with valid credentials and ac...