CVE Notify
19.3K subscribers
4 photos
203K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2024-57471
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57479
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57480
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57482
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-42911
ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57473
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57483
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22904
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22906
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22907
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22912
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22916
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24442
A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24444
Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24445
OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is unsupported, OAI indexes into a null function pointer and subsequently dereferences it.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24451
A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24443
An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-36998
The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57041
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.

๐ŸŽ–@cveNotify