‼ CVE-2021-44246 ‼
via "National Vulnerability Database".
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter.
‼ CVE-2021-45734 ‼
via "National Vulnerability Database".
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.
‼ CVE-2021-44881 ‼
via "National Vulnerability Database".
D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
‼ CVE-2021-46231 ‼
via "National Vulnerability Database".
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter.
‼ CVE-2022-24151 ‼
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter.
‼ CVE-2022-24171 ‼
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.
‼ CVE-2022-24160 ‼
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
‼ CVE-2021-45736 ‼
via "National Vulnerability Database".
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, and server parameters.
‼ CVE-2022-24159 ‼
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.
‼ CVE-2022-24165 ‼
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.
‼ CVE-2021-45992 ‼
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter.
‼ CVE-2022-24155 ‼
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters.
‼ CVE-2021-45986 ‼
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.
‼ CVE-2021-45991 ‼
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter.
‼ CVE-2021-46228 ‼
via "National Vulnerability Database".
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter.
‼ CVE-2021-46232 ‼
via "National Vulnerability Database".
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter.
‼ CVE-2021-45742 ‼
via "National Vulnerability Database".
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
‼ CVE-2022-24170 ‼
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.
‼ CVE-2021-45998 ‼
via "National Vulnerability Database".
D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
‼ CVE-2021-44247 ‼
via "National Vulnerability Database".
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.
🗓️ Open Source Security Foundation launches new initiative to stem the tide of software supply chain attacks 🗓️
via "The Daily Swig".
Alpha-Omega Project aims to improve software supply chain security for 10,000 OSS projects