Show filters
192 Total Results
Displaying 191-192 of 192
Sort by:
Attacker Value
Unknown

CVE-2021-23242

Disclosure Date: January 07, 2021 (last updated February 22, 2025)
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-23241

Disclosure Date: January 07, 2021 (last updated February 22, 2025)
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous