Page 8 of 364 results (0.019 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

06 Sep 2023 — Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Las versiones de firmware de Archer A10 anteriores a 'Archer A10(JP)_V2_230504' permiten que un atacante no autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

06 Sep 2023 — Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. Las versiones de firmware de Archer C3150 anteriores a 'Archer C3150(JP)_V2_230511' permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

06 Sep 2023 — Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. Todas las versiones del firmware Archer C5 y las versiones del firmware Archer C7 anteriores a 'Archer C7(JP)_V2_230602' permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Ten... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

06 Sep 2023 — Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. Las versiones de firmware de Archer C5400 anteriores a 'Archer C5400(JP)_V2_230506' permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

06 Sep 2023 — Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. Las versiones de firmware Deco M4 anteriores a 'Deco M4(JP)_V2_1.5.8 Build 20230619' permiten a un atacante autenticado adyacente a la red ejecutar comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.0EPSS: 0%CPEs: 8EXPL: 0

06 Sep 2023 — Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. Múltiples productos TP-LINK permiten que un atacante autenticado adyacente a la... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

06 Sep 2023 — Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. Las versiones de firmware de Archer AX6000 anteriores a 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' permiten a un atacante autenticado adyacente a la red ejecutar comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

22 Aug 2023 — An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. Un problema en TPLink Smart bulb Tapo series L530 v.1.0.0 y la aplicación Tapo v.2.8.14 permite a un atacante remoto obtener información confidencial a través de la función de autenticación TSKEP. • https://arxiv.org/abs/2308.09019 •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

22 Aug 2023 — An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. un problema en TPLink Smart bulb Tapo series L530 v.1.0.0 y Tapo Application v.2.8.14 permite a un atacante remoto obtener información sensible a través del componente IV en la función AES128-CBC. • https://arxiv.org/abs/2308.09019 •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

21 Aug 2023 — An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. Un problema en la bombilla inteligente TP Link Tapo serie L530 v.1.0.0 y la aplicación Tapo v.2.8.14 permite a un atacante remoto obtener información confidencial a través del código de autenticación para el mensaje UDP. • https://arxiv.org/abs/2308.09019 •