CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-42851
https://notcve.org/view.php?id=CVE-2024-42851
Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function. • https://github.com/T1anyang/fuzzing/blob/main/exiftags/crash.md https://github.com/T1anyang/fuzzing/tree/main/exiftags • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44340
https://notcve.org/view.php?id=CVE-2024-44340
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W https://github.com/yali-1002/some-poc/blob/main/CVE-2024-44340 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41622
https://notcve.org/view.php?id=CVE-2024-41622
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W https://github.com/yali-1002/some-poc/blob/main/CVE-2024-41622 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2022-39996
https://notcve.org/view.php?id=CVE-2022-39996
Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page. • https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat%27s%20Router%20Vulnerability.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44341
https://notcve.org/view.php?id=CVE-2024-44341
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W https://github.com/yali-1002/some-poc/blob/main/CVE-2024-44341 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •