Show filters
772 Total Results
Displaying 31-40 of 772
Sort by:
Attacker Value
Unknown
CVE-2020-3431
Disclosure Date: November 18, 2024 (last updated November 19, 2024)
A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
0
Attacker Value
Unknown
CVE-2020-26071
Disclosure Date: November 18, 2024 (last updated November 19, 2024)
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition.
The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
0
Attacker Value
Unknown
CVE-2022-20655
Disclosure Date: November 15, 2024 (last updated January 06, 2025)
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.
0
Attacker Value
Unknown
CVE-2024-47799
Disclosure Date: November 12, 2024 (last updated November 12, 2024)
Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information of the other devices connected through the Wi-Fi.
0
Attacker Value
Unknown
CVE-2024-45827
Disclosure Date: November 12, 2024 (last updated November 12, 2024)
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command.
0
Attacker Value
Unknown
CVE-2024-29075
Disclosure Date: November 12, 2024 (last updated November 12, 2024)
Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device .
0
Attacker Value
Unknown
CVE-2024-9787
Disclosure Date: October 10, 2024 (last updated January 05, 2025)
A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
0
Attacker Value
Unknown
CVE-2024-20470
Disclosure Date: October 02, 2024 (last updated October 10, 2024)
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials.
This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
0
Attacker Value
Unknown
CVE-2024-20393
Disclosure Date: October 02, 2024 (last updated October 09, 2024)
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.
This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.
0
Attacker Value
Unknown
CVE-2024-47044
Disclosure Date: September 26, 2024 (last updated September 26, 2024)
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.
0