CVE Notify
19.3K subscribers
4 photos
203K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2024-57483
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22904
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22906
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22907
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22912
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22916
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24442
A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24444
Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24445
OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is unsupported, OAI indexes into a null function pointer and subsequently dereferences it.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24451
A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24443
An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-36998
The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57041
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-48417
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-48418
In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-48419
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with "root" privileges.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-34896
An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-34897
Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.

๐ŸŽ–@cveNotify