2218 matches found
Wavlink AC3000 openvpn.cgi openvpn_server_setup() Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2050 Wavlink AC3000 openvpn.cgi openvpnserversetup Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39798,CVE-2024-39800,CVE-2024-39799 SUMMARY Multiple external config control vulnerabilities exists in the openvpn.cgi...
Wavlink AC3000 wireless.cgi set_wifi_basic_mesh() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2042 Wavlink AC3000 wireless.cgi setwifibasicmesh buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39603 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000...
Wavlink AC3000 wireless.cgi SetName() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2039 Wavlink AC3000 wireless.cgi SetName buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39357 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 update_filter_url.sh argument injection vulnerability
Talos Vulnerability Report TALOS-2024-2038 Wavlink AC3000 updatefilterurl.sh argument injection vulnerability January 14, 2025 CVE Number CVE-2024-39604 SUMMARY A command execution vulnerability exists in the updatefilterurl.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially craft...
Wavlink AC3000 wireless.cgi AddMac() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2043 Wavlink AC3000 wireless.cgi AddMac buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39757 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 wireless.cgi DeleteMac() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2040 Wavlink AC3000 wireless.cgi DeleteMac buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39359 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 touchlist_sync.cgi touchlistsync() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2046 Wavlink AC3000 touchlistsync.cgi touchlistsync buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-36258 SUMMARY A stack-based buffer overflow vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000...
Wavlink AC3000 nas.cgi set_ftp_cfg() Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2056 Wavlink AC3000 nas.cgi setftpcfg Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39788,CVE-2024-39790,CVE-2024-39789 SUMMARY Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavli...
Wavlink AC3000 qos.cgi qos_sta() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2047 Wavlink AC3000 qos.cgi qossta command injection vulnerability January 14, 2025 CVE Number CVE-2024-36295 SUMMARY A command execution vulnerability exists in the qos.cgi qossta functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Wavlink AC3000 nas.cgi remove_dir() Command Injection Vulnerability
Talos Vulnerability Report TALOS-2024-2054 Wavlink AC3000 nas.cgi removedir Command Injection Vulnerability January 14, 2025 CVE Number CVE-2024-39360 SUMMARY An os command injection vulnerability exists in the nas.cgi removedir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
Wavlink AC3000 adm.cgi set_ledonoff() OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-2032 Wavlink AC3000 adm.cgi setledonoff OS command injection vulnerability January 14, 2025 CVE Number CVE-2024-37186 SUMMARY An os command injection vulnerability exists in the adm.cgi setledonoff functionality of Wavlink AC3000 M33A8.V5030.210505. A special...
Wavlink AC3000 nas.cgi set_nas() samba Configuration Control Vulnerability
Talos Vulnerability Report TALOS-2024-2052 Wavlink AC3000 nas.cgi setnas samba Configuration Control Vulnerability January 14, 2025 CVE Number CVE-2024-39602 SUMMARY An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A special...
Wavlink AC3000 qos.cgi qos_settings() buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2024-2049 Wavlink AC3000 qos.cgi qossettings buffer overflow vulnerabilities January 14, 2025 CVE Number CVE-2024-39803,CVE-2024-39801,CVE-2024-39802 SUMMARY Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000...
Wavlink AC3000 usbip.cgi set_info() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2045 Wavlink AC3000 usbip.cgi setinfo buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-36272 SUMMARY A buffer overflow vulnerability exists in the usbip.cgi setinfo functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Wavlink AC3000 login.cgi set_lang_CountryCode() Persistent XSS vulnerability
Talos Vulnerability Report TALOS-2024-2017 Wavlink AC3000 login.cgi setlangCountryCode Persistent XSS vulnerability January 14, 2025 CVE Number CVE-2024-39363 SUMMARY A cross-site scripting xss vulnerability exists in the login.cgi setlangCountryCode functionality of Wavlink AC3000...
Wavlink AC3000 qos.cgi qos_sta_settings() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2048 Wavlink AC3000 qos.cgi qosstasettings buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39299 SUMMARY A buffer overflow vulnerability exists in the qos.cgi qosstasettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
Wavlink AC3000 wireless.cgi AddMac() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2044 Wavlink AC3000 wireless.cgi AddMac command injection vulnerability January 14, 2025 CVE Number CVE-2024-34544 SUMMARY A command injection vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
Wavlink AC3000 internet.cgi set_qos() buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2024-2022 Wavlink AC3000 internet.cgi setqos buffer overflow vulnerabilities January 14, 2025 CVE Number CVE-2024-39768,CVE-2024-39770,CVE-2024-39769 SUMMARY Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000...
Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability
Talos Vulnerability Report TALOS-2024-2036 Wavlink AC3000 login.cgi Unauthenticated Firmware Upload vulnerability January 14, 2025 CVE Number CVE-2024-39608 SUMMARY A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
OFFIS DCMTK nowindow improper array index validation vulnerability
Talos Vulnerability Report TALOS-2024-2122 OFFIS DCMTK nowindow improper array index validation vulnerability January 13, 2025 CVE Number CVE-2024-47796 SUMMARY An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM fi...
OFFIS DCMTK determineMinMax improper array index validation vulnerability
Talos Vulnerability Report TALOS-2024-2121 OFFIS DCMTK determineMinMax improper array index validation vulnerability January 13, 2025 CVE Number CVE-2024-52333 SUMMARY An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially...
Progress WhatsUp Gold SnmpExtendedActiveMonitor path traversal vulnerability
Talos Vulnerability Report TALOS-2024-2089 Progress WhatsUp Gold SnmpExtendedActiveMonitor path traversal vulnerability January 8, 2025 CVE Number CVE-2024-12105 SUMMARY A path traversal vulnerability exists in the handling of SnmpExtendedActiveMonitor requests in Progress WhatsUp Gold 24.0.1 Bui...
Foxit Reader 3D Page Object Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2094 Foxit Reader 3D Page Object Use-After-Free Vulnerability December 18, 2024 CVE Number CVE-2024-47810 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside...
Foxit Reader Checkbox Calculate CBF_Widget Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2093 Foxit Reader Checkbox Calculate CBFWidget Use-After-Free Vulnerability December 18, 2024 CVE Number CVE-2024-49576 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBFWidget object. A specially craft...
Adobe Acrobat Reader Font Program Function Definition Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2076 Adobe Acrobat Reader Font Program Function Definition Out-Of-Bounds Read Vulnerability December 11, 2024 CVE Number CVE-2024-49534 SUMMARY An out-of-bounds read vulnerability exists in font handling code of Adobe Acrobat Reader 2024.002.21005. A font fil...
Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2064 Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability December 11, 2024 CVE Number CVE-2024-49532 SUMMARY An out-of-bounds read vulnerability exists in font handling code of Adobe Acrobat Reader 2024.002.21005. A...
Adobe Acrobat Reader Font Private Point Numbers Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2070 Adobe Acrobat Reader Font Private Point Numbers Out-Of-Bounds Read Vulnerability December 11, 2024 CVE Number CVE-2024-49533 SUMMARY An out-of-bounds read vulnerability exists in font handling code of Adobe Acrobat Reader 2024.002.21005. A font file with...
GoCast NAT parameter OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1961 GoCast NAT parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-29224 SUMMARY An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command...
MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-21786 SUMMARY An OS command injection vulnerability exists in the web interface configuration upload functionality of...
GoCast name parameter OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1960 GoCast name parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-28892 SUMMARY An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary comman...
MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-1953 MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities November 21, 2024 CVE Number CVE-2024-28027,CVE-2024-28025,CVE-2024-28026 SUMMARY Three OS command injection vulnerabilities exist in the web interface I/O...
GoCast HTTP API lack of authentication vulnerability
Talos Vulnerability Report TALOS-2024-1962 GoCast HTTP API lack of authentication vulnerability November 21, 2024 CVE Number CVE-2024-21855 SUMMARY A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary...
LevelOne WBR-6012 Web and FTP cleartext transmission vulnerability
Talos Vulnerability Report TALOS-2024-1983 LevelOne WBR-6012 Web and FTP cleartext transmission vulnerability October 30, 2024 CVE Number CVE-2024-32946 SUMMARY A vulnerability in the LevelOne WBR-6012 router’s firmware version R0.40e6 allows sensitive information to be transmitted in cleartext v...
LevelOne WBR-6012 Web Application authentication bypass vulnerability
Talos Vulnerability Report TALOS-2024-1996 LevelOne WBR-6012 Web Application authentication bypass vulnerability October 30, 2024 CVE Number CVE-2024-23309 SUMMARY The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance ...
LevelOne WBR-6012 Web Application denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2001 LevelOne WBR-6012 Web Application denial of service vulnerability October 30, 2024 CVE Number CVE-2024-33623 SUMMARY A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP...
LevelOne WBR-6012 Web Application information disclosure vulnerability
Talos Vulnerability Report TALOS-2024-1985 LevelOne WBR-6012 Web Application information disclosure vulnerability October 30, 2024 CVE Number CVE-2024-33603 SUMMARY The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users ...
LevelOne WBR-6012 Web Application buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1997 LevelOne WBR-6012 Web Application buffer overflow vulnerability October 30, 2024 CVE Number CVE-2024-28052 SUMMARY The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while...
LevelOne WBR-6012 FTP improper input validation vulnerability
Talos Vulnerability Report TALOS-2024-1998 LevelOne WBR-6012 FTP improper input validation vulnerability October 30, 2024 CVE Number CVE-2024-33700 SUMMARY The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers...
LevelOne WBR-6012 Web Application information disclosure vulnerability
Talos Vulnerability Report TALOS-2024-1986 LevelOne WBR-6012 Web Application information disclosure vulnerability October 30, 2024 CVE Number CVE-2024-33626 SUMMARY The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive...
LevelOne WBR-6012 Web Application cross-site request forgery (CSRF) vulnerability
Talos Vulnerability Report TALOS-2024-1981 LevelOne WBR-6012 Web Application cross-site request forgery CSRF vulnerability October 30, 2024 CVE Number CVE-2024-24777 SUMMARY A cross-site request forgery CSRF vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e...
LevelOne WBR-6012 hard-coded password vulnerability
Talos Vulnerability Report TALOS-2024-1979 LevelOne WBR-6012 hard-coded password vulnerability October 30, 2024 CVE Number CVE-2024-28875,CVE-2024-31151 SUMMARY A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during...
LevelOne WBR-6012 Web Application weak authentication vulnerability
Talos Vulnerability Report TALOS-2024-1984 LevelOne WBR-6012 Web Application weak authentication vulnerability October 30, 2024 CVE Number CVE-2024-33699 SUMMARY The LevelOne WBR-6012 router’s web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the...
LevelOne WBR-6012 Web Application improper resource allocation vulnerability
Talos Vulnerability Report TALOS-2024-1982 LevelOne WBR-6012 Web Application improper resource allocation vulnerability October 30, 2024 CVE Number CVE-2024-31152 SUMMARY The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application,...
NVIDIA D3D10 Driver Shader Functionality STORE_STRUCTURED instruction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2014 NVIDIA D3D10 Driver Shader Functionality STORESTRUCTURED instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0120 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10...
NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration
Talos Vulnerability Report TALOS-2024-2013 NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration October 23, 2024 CVE Number CVE-2024-0118 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D...
NVIDIA D3D10 Driver Shader Functionality MOV instruction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2015 NVIDIA D3D10 Driver Shader Functionality MOV instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0119 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10 Driver 555.99...
NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1955 NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0121 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality SAMPLE instruction of NVIDIA D3D10 Driver NVIDIA D3D...
NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2012 NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0117 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10 Driver 555.99,...
Veertu Anka Build node agent update privilege escalation vulnerability
Talos Vulnerability Report TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability October 3, 2024 CVE Number CVE-2024-39755 SUMMARY A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG fil...
Veertu Anka Build registry log files directory traversal vulnerability
Talos Vulnerability Report TALOS-2024-2061 Veertu Anka Build registry log files directory traversal vulnerability October 3, 2024 CVE Number CVE-2024-41922 SUMMARY A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted...