
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Dec 2024 — Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. • https://jvn.jp/en/jp/JVN46615026 • CWE-1242: Inclusion of Undocumented Features or Chicken Bits •

CVSS: 8.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Dec 2024 — UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. • https://jvn.jp/en/jp/JVN46615026 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

14 Apr 2023 — WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. • https://sore-pail-31b.notion.site/command-injection-WFS-SR03-7cddf0ac85e54f8ba81d9b26b00ca5cd • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

14 Apr 2023 — WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. • https://sore-pail-31b.notion.site/Command-Injection-2-WFS-SR03-436d09790c2f4e31b197c39711e17775 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5 • EPSS: 2% • CPEs: 36 • EXPL: 3

24 Jan 2020 — A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 201... • http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.5 • EPSS: 1% • CPEs: 36 • EXPL: 3

24 Jan 2020 — A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP thro... • http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz • CWE-522: Insufficiently Protected Credentials •

CVSS: 9.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

07 Sep 2018 — Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow a remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. • http://jvn.jp/en/jp/JVN83701666/index.html • CWE-798: Use of Hard-coded Credentials •

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

07 Sep 2018 — Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. • http://jvn.jp/en/jp/JVN83701666/index.html •

CVSS: 7.2 • EPSS: 0% • CPEs: 6 • EXPL: 0

07 Sep 2018 — Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. • http://jvn.jp/en/jp/JVN83701666/index.html •

CVSS: 7.7 • EPSS: 0% • CPEs: 90 • EXPL: 0

08 Feb 2018 — Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. • http://www.iodata.jp/support/information/2018/magicalfinder • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •