CVE-2023-27077
https://notcve.org/view.php?id=CVE-2023-27077
Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package. • https://github.com/B2eFly/Router/blob/main/360/360D901.md • CWE-787: Out-of-bounds Write •
CVE-2022-4392 – iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4392
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.6.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/c298e3dc-09a7-40bb-a361-f49af4bce77e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-3405
https://notcve.org/view.php?id=CVE-2019-3405
In 360F5 versions 3.1.3.64296 and lower, a third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which causes other connected wireless terminals to disconnect from the wireless network, resulting in a DoS attack on the router's wireless service. The vulnerability has been effectively handled, and users can fix it by updating the firmware version. • https://security.360.cn/News/news/id/246 •
CVE-2020-24158
https://notcve.org/view.php?id=CVE-2020-24158
360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. • https://www.cnvd.org.cn/flaw/show/2105401 • CWE-427: Uncontrolled Search Path Element •
CVE-2019-3404
https://notcve.org/view.php?id=CVE-2019-3404
By adding some special fields to the URI of the router app function, a user could abuse background app CGI functions without authentication. This affects 360 routers P0 and F5C. • https://security.360.cn/News/news/id/218.html •