CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-8072
https://notcve.org/view.php?id=CVE-2018-8072
An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function. Se ha descubierto una vulnerabilidad en los dispositivos EDIMAX IC-3140W hasta la versión 3.06, IC-5150W hasta la 3.09 e IC-6220DC hasta la 3.06. El binario ipcam_cgi contiene un desbordamiento de búfer basado en pila que es posible desencadenar desde una petición HTTP remota no autenticada /camera-cgi/public/getsysyeminfo.cgi? • https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w https://www.nemux.org/2018/04/24/cve-2018-8072 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2011-4502
https://notcve.org/view.php?id=CVE-2011-4502
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. La implementación de UPnP IGD en Edimax EdiLinux en el Edimax BR-6104K con firmware anterior a v3.25 Edimax 6114Wg, Canyon-Tech CN-WF512 con firmware anterior a v1.83, Canyon-Tech CN-WF514 con firmware anterior a v2.08, Sitecom WL-153 con firmware anterior a v1.39, y Sweex LB000021 con firmware anterior a v3.15, permite a atacantes remotos ejecutar comandos de su elección a través de metacaracteres shell. • http://www.kb.cert.org/vuls/id/357851 http://www.upnp-hacks.org/devices.html http://www.upnp-hacks.org/suspect.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2011-4501
https://notcve.org/view.php?id=CVE-2011-4501
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. La implementación de UPnP IGD en Edimax EdiLinux en el Edimax BR-6104K con firmware anterior a v3.25 Edimax 6114Wg, Canyon-Tech CN-WF512 con firmware anterior a v1.83, Canyon-Tech CN-WF514 con firmware anterior a v2.08, Sitecom WL-153 con firmware anterior a v1.39, y Sweex LB000021 con firmware anterior a v3.15, permite a atacantes remotos establecer mapeos de puertos de su elección enviando una acción UPnP AddPortMapping en una petición SOAP al interfaz WAN, relacionado con una vulnerabilidad "external forwarding". • http://www.kb.cert.org/vuls/id/357851 http://www.upnp-hacks.org/devices.html http://www.upnp-hacks.org/suspect.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2561
https://notcve.org/view.php?id=CVE-2006-2561
Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. • http://secunia.com/advisories/20169 http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html http://www.securityview.org/how-does-the-upnp-flaw-works.html http://www.vupen.com/english/advisories/2006/1911 https://exchange.xforce.ibmcloud.com/vulnerabilities/26709 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2004-1791
https://notcve.org/view.php?id=CVE-2004-1791
The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access. • http://securitytracker.com/id?1008643 http://www.osvdb.org/3511 http://www.securityfocus.com/archive/1/349089 •