Total
57 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21827 | 2024-11-21 | 7.2 High | ||
| A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2023-4227 | 1 Moxa | 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device. | ||||
| CVE-2023-49593 | 1 Level1 | 2 Wbr-6013, Wbr-6013 Firmware | 2024-11-21 | 7.2 High |
| Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution. | ||||
| CVE-2023-34346 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | 9.8 Critical |
| A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-32645 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | 9.8 Critical |
| A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2022-46156 | 1 Grafana | 1 Synthetic Monitoring Agent | 2024-11-21 | 7.2 High |
| The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it's recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`. | ||||
| CVE-2022-38715 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | 8.8 High |
| A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-38453 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2024-11-21 | 3 Low |
| Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities. | ||||
| CVE-2022-32760 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. | ||||
| CVE-2022-32585 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-11-21 | 9.8 Critical |
| A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-30543 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 8.8 High |
| A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-29888 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 8.1 High |
| A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-29520 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | 9.8 Critical |
| An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability. | ||||
| CVE-2022-29481 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 6.5 Medium |
| A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-28689 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 8.8 High |
| A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26023 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 6.5 Medium |
| A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-25995 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 8.8 High |
| A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2021-40419 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-11-21 | 7.5 High |
| A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2021-3972 | 1 Lenovo | 210 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 207 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | ||||
| CVE-2021-3971 | 1 Lenovo | 146 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 143 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. | ||||