Page 117 of 35163 results (0.084 seconds)

CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. • https://github.com/fishykz/TP-POC https://yuhehe88.github.io/2024/09/04/TL-WDR5620-Gigabit-Edition-v2-3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01 • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0

This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute. • https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x https://access.redhat.com/security/cve/CVE-2024-47561 https://bugzilla.redhat.com/show_bug.cgi?id=2316116 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0

A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. • https://www.forescout.com/resources/draybreak-draytek-research https://www.forescout.com/resources/draytek14-vulnerabilities • CWE-121: Stack-based Buffer Overflow •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. • https://www.forescout.com/resources/draybreak-draytek-research https://www.forescout.com/resources/draytek14-vulnerabilities •