35 matches found
EUVD-2021-10341
Malware in sbrugna...
EUVD-2021-12693
Malware in sbrugna...
CVE-2021-25810
Cross site Scripting XSS vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'srcdportstart', 'srcdportend', and 'destport' parameters...
CVE-2021-25811
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listenhttplan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listenhttplan parameter to uhttpd.json is manual...
CVE-2021-23241
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI for authentication bypass to the web server, as demonstrated by the /loginLess/../../etc/passwd URI...
CVE-2021-23242
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI...
CVE-2021-25811
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listenhttplan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listenhttplan parameter to uhttpd.json is manual...
CVE-2021-25810
Cross site Scripting XSS vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'srcdportstart', 'srcdportend', and 'destport' parameters...
CVE-2021-25810
Cross site Scripting XSS vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'srcdportstart', 'srcdportend', and 'destport' parameters...
CVE-2021-25811
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listenhttplan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listenhttplan parameter to uhttpd.json is manual...
Cross site scripting
Cross site Scripting XSS vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'srcdportstart', 'srcdportend', and 'destport' parameters...
Code injection
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listenhttplan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listenhttplan parameter to uhttpd.json is manual...
CVE-2021-25811
CVE-2021-25811 affects MERCUSYS Mercury X18G 1.0.5. A DoS can be triggered by a crafted value sent via POST to listen_http_lan, and after reboot the webserver may be inaccessible until the listen_http_lan value in uhttpd.json is corrected. No exploitation details are provided in the available doc...
CVE-2021-25811
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listenhttplan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listenhttplan parameter to uhttpd.json is manual...
CVE-2021-25810
Cross site Scripting XSS vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'srcdportstart', 'srcdportend', and 'destport' parameters...
CVE-2021-25810
CVE-2021-25810 is a documented Cross-site Scripting (XSS) vulnerability affecting the MERCUSYS Mercury X18G 1.0.5 router. The issue arises when processing crafted input values to the src_dport_start , src_dport_end , and dest_port parameters. The connected documents confirm the vulnerability exis...
Mercusys Mercury X18G 跨站脚本漏洞
The Mercusys Mercury X18G is a router from the Chinese company Mercusys. A cross-site scripting vulnerability exists in MERCUSYS Mercury X18G 1.0.5 devices, which originates via manual values for the src dport start, src dport end, and dest port parameters...
MERCUSYS Mercury X18G 安全漏洞
The Mercusys Mercury X18G is a router from the Chinese company Mercusys. A security vulnerability exists in MERCUSYS Mercury X18G 1.0.5 that allows denial of service via a crafted value to POST to listen for http LAN parameters...
Mercusys Mercury X18G Path Traversal Vulnerability (CNVD-2021-02626)
The Mercusys Mercury X18G is a router from the Chinese company Mercusys. A security vulnerability exists in the Mercusys Mercury X18G that allows remote attackers to exploit the vulnerability by submitting a special /loginLess/ request that can read sensitive information...
Denial of Service Vulnerability in Mercuery X18G Routers
The business scope of Shenzhen Meike Star Communication Technology Co., Ltd. includes the technical development of computer wireless LAN products, computer hardware and software, communication equipment, electronic products and network security equipment. A denial of service vulnerability exists ...