Lucene search
K

2224 matches found

Talos
Talos
added 2022/01/18 12:0 a.m.35 views

Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2022/01/18 12:0 a.m.41 views

Advantech SQ Manager Server 1.0.6 privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Advantech SQ...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2022/01/11 12:0 a.m.66 views

Adobe Acrobat Reader Javascript event.richValue use-after-free vulnerability

Summary A use-after-free vulnerability exists in the way certain events are handled in Adobe Acrobat Reader 21.007.20091. A specially-crafted javascript code can exploit a use-after-free vulnerability which can lead to arbitrary code execution. User would need to open a malicious file to trigger...

9.3CVSS7.9AI score0.11613EPSS
Exploits0
Talos
Talos
added 2022/01/11 12:0 a.m.37 views

Adobe Acrobat Reader DC annotation gestures integer overflow vulnerability

Summary An integer overflow vulnerability exists in the way Adobe Acrobat Reader DC 2021.007.20099 supports annotation interactions through JavaScript. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious...

9.3CVSS7.9AI score0.09979EPSS
Exploits0
Talos
Talos
added 2022/01/10 12:0 a.m.64 views

AnyCubic Chitubox AnyCubic Plugin readDatHeadVec heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AnyCubi...

7.8CVSS7.7AI score0.00766EPSS
Exploits1
Talos
Talos
added 2022/01/10 12:0 a.m.61 views

Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability

Summary A memory corruption vulnerability exists in the WebRTC functionality of Google Chrome 92.0.4515.159 Stable and 95.0.4623.0 Canary. A specially-crafted web page can trigger this vulnerability, which can cause a heap buffer overflow and result in remote code execution. Victim would need to...

8.8CVSS8.5AI score0.01711EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.38 views

Garrett Metal Detectors iC Module CMA CLI getenv command directory traversal vulnerability

Summary A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...

4.9CVSS6.7AI score0.01423EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.41 views

Garrett Metal Detectors iC Module CMA check_udp_crc strcpy stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this...

10CVSS9.6AI score0.0173EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.60 views

Garrett Metal Detectors iC Module CMA CLI readfile stack-based buffer overflow vulnerabilities

Summary Two stack-based buffer overflow vulnerabilities exist in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. Convincing the system to call readfile on a specially-crafted file can lead to stack-based buffer overflows. An attacke...

8.5CVSS8.2AI score0.00953EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.45 views

Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame decoding heap-based buffer overflow vulnerability

Summary When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an...

9.8CVSS9.6AI score0.15684EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.38 views

Garrett Metal Detectors iC Module CMA CLI del[env] command directory traversal vulnerabilities

Summary Directory traversal vulnerabilities exist in the CMA CLI del and delenv commands of Garrett Metal Detectors’ iC Module CMA Version 5.0. Specially-crafted command line arguments can lead to arbitrary file deletion. An attacker can provide malicious inputs to trigger these vulnerabilities...

8.1CVSS7.5AI score0.01441EPSS
Exploits2
Talos
Talos
added 2021/12/20 12:0 a.m.50 views

Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame parsing uninitialized uuid object vulnerability

Summary When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...

9.8CVSS9.6AI score0.17945EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.31 views

Garrett Metal Detectors iC Module CMA check_udp_crc memcpy stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...

9.8CVSS8.9AI score0.01556EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.37 views

Garrett Metal Detectors iC Module CMA run_server_6877 authentication bypass vulnerability

Summary An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger th...

9.3CVSS8.1AI score0.01723EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.42 views

Garrett Metal Detectors iC Module CMA CLI setenv command directory traversal vulnerability

Summary A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to arbitrary file overwrite. An attacker can provide malicious input to trigger this vulnerability. Tested...

9.1CVSS7.7AI score0.02817EPSS
Exploits1
Talos
Talos
added 2021/12/06 12:0 a.m.28 views

Gerbv RS-274X aperture macro outline primitive integer overflow vulnerability

Summary An integer overflow vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious fi...

10CVSS9.5AI score0.02916EPSS
Exploits1
Talos
Talos
added 2021/12/06 12:0 a.m.35 views

Gerbv RS-274X format aperture macro variables out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a maliciou...

10CVSS9.6AI score0.03064EPSS
Exploits1
Talos
Talos
added 2021/12/06 12:0 a.m.50 views

Dream Report ODS Remote Connector privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...

8.8CVSS8AI score0.01244EPSS
Exploits1
Talos
Talos
added 2021/11/30 12:0 a.m.58 views

Google Chrome Blink setBaseAndExtent use after free vulnerability

Summary A use-after-free vulnerability exists in the Selection API of Blink rendering engine in Google Chrome 92.0.4515.131 Stable and 94.0.4597.1 Canary. A specially-crafted web page can trigger reuse of previously freed memory which can lead to arbitrary code execution. Victim would need to vis...

8.8CVSS9.2AI score0.10127EPSS
Exploits1
Talos
Talos
added 2021/11/29 12:0 a.m.43 views

Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_RSA_KEY_REQUEST authentication bypass vulnerability

Talos Vulnerability Report TALOS-2021-1379 Anker Eufy Homebase 2 homesecurity CMDDEVICEGETRSAKEYREQUEST authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21952 SUMMARY An authentication bypass vulnerability exists in the CMDDEVICEGETRSAKEYREQUEST functionality of the...

9.8CVSS9.6AI score0.01271EPSS
Exploits1
Talos
Talos
added 2021/11/29 12:0 a.m.56 views

Anker Eufy Homebase 2 home_security process_msg() authentication bypass vulnerability

Talos Vulnerability Report TALOS-2021-1380 Anker Eufy Homebase 2 homesecurity processmsg authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21953 SUMMARY An authentication bypass vulnerability exists in the processmsg function of the homesecurity binary of Anker Eufy Homeba...

8.1CVSS8.1AI score0.00978EPSS
Exploits1
Talos
Talos
added 2021/11/29 12:0 a.m.40 views

Anker Eufy Homebase 2 home_security get_aes_key_info_by_packetid() authentication bypass vulnerability

Talos Vulnerability Report TALOS-2021-1382 Anker Eufy Homebase 2 homesecurity getaeskeyinfobypacketid authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21955 SUMMARY An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity...

7.7CVSS7.9AI score0.00978EPSS
Exploits1
Talos
Talos
added 2021/11/29 12:0 a.m.42 views

Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability

Talos Vulnerability Report TALOS-2021-1381 Anker Eufy Homebase 2 homesecurity wificountrycodeupdate command execution vulnerability November 29, 2021 CVE Number CVE-2021-21954 SUMMARY A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of...

9.9CVSS10AI score0.02433EPSS
Exploits1
Talos
Talos
added 2021/11/29 12:0 a.m.47 views

Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_SERVER_LIST_REQUEST out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2021-1378 Anker Eufy Homebase 2 homesecurity CMDDEVICEGETSERVERLISTREQUEST out-of-bounds write vulnerability November 29, 2021 CVE Number CVE-2021-21950,CVE-2021-21951 SUMMARY An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST...

10CVSS9.2AI score0.02405EPSS
Exploits2
Talos
Talos
added 2021/11/22 12:0 a.m.51 views

Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'company_list' page

Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘companylist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. However, the high...

7.7CVSS6.1AI score0.01134EPSS
Exploits2
Talos
Talos
added 2021/11/22 12:0 a.m.42 views

Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'user_list' page

Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘userlist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities with the administrativ...

7.7CVSS6.1AI score0.01134EPSS
Exploits2
Talos
Talos
added 2021/11/22 12:0 a.m.40 views

Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'device_list' page

Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘devicelist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as...

7.3AI score
Exploits0
Talos
Talos
added 2021/11/22 12:0 a.m.49 views

Advantech R-SeeNet installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to...

8.8CVSS8.1AI score0.00378EPSS
Exploits3
Talos
Talos
added 2021/11/22 12:0 a.m.71 views

CloudLinux Inc Imunify360 Ai-Bolit php unserialize vulnerability

Summary A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.8 and 5.9. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...

8.3AI score
Exploits0
Talos
Talos
added 2021/11/22 12:0 a.m.29 views

Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'group_list' page

Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘grouplist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as...

8.8CVSS8.6AI score0.0138EPSS
Exploits2
Talos
Talos
added 2021/11/17 12:0 a.m.31 views

LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1350 LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability November 17, 2021 CVE Number CVE-2021-21899 SUMMARY A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw...

8.8CVSS8.7AI score0.02686EPSS
Exploits1
Talos
Talos
added 2021/11/17 12:0 a.m.39 views

LibreCad libdxfrw dxfRW::processLType() use-after-free vulnerability

Talos Vulnerability Report TALOS-2021-1351 LibreCad libdxfrw dxfRW::processLType use-after-free vulnerability November 17, 2021 CVE Number CVE-2021-21900 SUMMARY A code execution vulnerability exists in the dxfRW::processLType functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A...

8.8CVSS8.8AI score0.02465EPSS
Exploits1
Talos
Talos
added 2021/11/17 12:0 a.m.37 views

LibreCad libdxfrw dwgCompressor::decompress18() out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2021-1349 LibreCad libdxfrw dwgCompressor::decompress18 out-of-bounds write vulnerability November 17, 2021 CVE Number CVE-2021-21898 SUMMARY A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw...

8.8CVSS8.7AI score0.02515EPSS
Exploits1
Talos
Talos
added 2021/11/16 12:0 a.m.48 views

Google Chrome WebRTC addIceCandidate use after free vulnerability

Summary A use after free vulnerability exists in the WebRTC functionality of Google Chrome 91.0.4472.114 Stable and 93.0.4575.0 Canary. A specially-crafted web page can trigger reuse of previously freed memory which can lead to arbitrary code execution. Victim would need to visit a malicious...

8.8CVSS8.8AI score0.02118EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.32 views

Lantronix PremierWave 2050 Web Manager SslGenerateCertificate OS command injection vulnerability

Talos Vulnerability Report TALOS-2021-1332 Lantronix PremierWave 2050 Web Manager SslGenerateCertificate OS command injection vulnerability November 15, 2021 CVE Number CVE-2021-21888 Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of...

9.1CVSS9.2AI score0.03886EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.38 views

Lantronix PremierWave 2050 Web Manager FsUnmount OS command injection vulnerability

Summary An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Test...

9.9CVSS9.1AI score0.06061EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.58 views

Lantronix PremierWave 2050 Web Manager FsTFtp directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite and arbitrary file disclosure. An attacker can make an authenticated HTTP request to...

9.1CVSS8AI score0.02399EPSS
Exploits2
Talos
Talos
added 2021/11/15 12:0 a.m.35 views

Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

9.9CVSS8.6AI score0.03656EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.42 views

Lantronix PremierWave 2050 Web Manager FsCopyFile directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

7.2CVSS6.8AI score0.02386EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.37 views

Lantronix PremierWave 2050 Web Manager SslGenerateCSR stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...

9.1CVSS9.6AI score0.02989EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.33 views

Lantronix PremierWave 2050 Web Manager FsMove directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...

7.2CVSS6.8AI score0.02386EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.31 views

Lantronix PremierWave 2050 Web Manager Diagnostics: Ping OS command injection vulnerability

Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

9.9CVSS9.9AI score0.06061EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.76 views

Lantronix PremierWave 2050 Web Manager FsBrowseClean directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.5CVSS5.7AI score0.02157EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.41 views

Lantronix PremierWave 2050 Web Manager FsUnmount stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...

9.9CVSS9.8AI score0.30436EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.48 views

Lantronix PremierWave 2050 Web Manager FsTFtp OS command injection vulnerabilities

Summary Multiple OS command injection vulnerabilities exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4. Specially-crafted HTTP requests can lead to arbitrary command execution. An attacker can make authenticated HTTP requests to trigger these vulnerabilities...

9.1CVSS9.7AI score0.02694EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.36 views

Lantronix PremierWave 2050 Web Manager SslGenerateCSR OS command injection vulnerability

Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS9.3AI score0.05271EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.40 views

Lantronix PremierWave 2050 Web Manager FSBrowsePage directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

4.3CVSS4.2AI score0.01876EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.43 views

Lantronix PremierWave 2050 Web Manager Applications and FsBrowse local file inclusion vulnerability

Summary A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to...

6.8CVSS5.3AI score0.01203EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.57 views

Lantronix PremierWave 2050 Web Manager Wireless Network Scanner OS command injection vulnerability

Summary An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.9CVSS9.6AI score0.37064EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.38 views

Lantronix PremierWave 2050 Web Manager Ping stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.9CVSS9.7AI score0.02845EPSS
Exploits1
Total number of security vulnerabilities2224