Total
2592 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8579 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-10 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8573 | 1 Totolink | 4 T10, T10 Firmware, T8 and 1 more | 2024-09-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8576 | 1 Totolink | 4 T10, T10 Firmware, T8 and 1 more | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8577 | 1 Totolink | 4 T10, T10 Firmware, T8 and 1 more | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8575 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8578 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5412 | 1 Zyxel | 100 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 97 more | 2024-09-06 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | |||||
| CVE-2024-6343 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-09-05 | N/A | 4.9 MEDIUM |
| A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | |||||
| CVE-2024-33052 | 1 Qualcomm | 406 205 Mobile, 205 Mobile Firmware, 215 Mobile and 403 more | 2024-09-04 | N/A | 7.8 HIGH |
| Memory corruption when user provides data for FM HCI command control operations. | |||||
| CVE-2024-33042 | 1 Qualcomm | 406 205, 205 Firmware, 215 and 403 more | 2024-09-04 | N/A | 7.8 HIGH |
| Memory corruption when Alternative Frequency offset value is set to 255. | |||||
| CVE-2024-33054 | 1 Qualcomm | 66 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 63 more | 2024-09-04 | N/A | 7.8 HIGH |
| Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine. | |||||
| CVE-2024-41435 | 2024-09-03 | N/A | 7.5 HIGH | ||
| YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. | |||||
| CVE-2024-41436 | 2024-09-03 | N/A | 7.5 HIGH | ||
| ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. | |||||
| CVE-2024-8078 | 1 Totolink | 2 Ac1200 T8, T8 Firmware | 2024-08-29 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8079 | 1 Totolink | 2 Ac1200 T8, T8 Firmware | 2024-08-29 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8076 | 1 Totolink | 2 Ac1200 T8, T8 Firmware | 2024-08-29 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-34198 | 2024-08-29 | N/A | 9.8 CRITICAL | ||
| TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. | |||||
| CVE-2024-41285 | 1 Fastcom | 2 Fw300r, Fw300r Firmware | 2024-08-27 | N/A | 9.8 CRITICAL |
| A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path. | |||||
| CVE-2024-45237 | 1 Nicmx | 1 Fort-validator | 2024-08-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow. | |||||
| CVE-2024-44555 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | N/A | 9.8 CRITICAL |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. | |||||