Total
9527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0537 | 1 Tenda | 2 W9, W9 Firmware | 2024-04-11 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.7(4456). This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0536 | 1 Tenda | 2 W9, W9 Firmware | 2024-04-11 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0534 | 1 Tenda | 2 A15, A15 Firmware | 2024-04-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0533 | 1 Tenda | 2 A15, A15 Firmware | 2024-04-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0532 | 1 Tenda | 2 A15, A15 Firmware | 2024-04-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0531 | 1 Tenda | 2 A15, A15 Firmware | 2024-04-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7222 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-04-11 | 8.3 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7214 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-04-11 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7213 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-04-11 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7208 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-04-11 | 7.7 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7158 | 1 Micropython | 1 Micropython | 2024-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. | |||||
| CVE-2023-6888 | 1 Phz76 | 1 Rtspserver | 2024-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5944 | 1 Deltaww | 1 Dopsoft | 2024-04-11 | N/A | 7.8 HIGH |
| Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file. | |||||
| CVE-2023-4744 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability. | |||||
| CVE-2023-45225 | 1 Zavio | 22 B8220, B8220 Firmware, B8520 and 19 more | 2024-04-11 | N/A | 9.8 CRITICAL |
| Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | |||||
| CVE-2023-43755 | 1 Zavio | 22 B8220, B8220 Firmware, B8520 and 19 more | 2024-04-11 | N/A | 9.8 CRITICAL |
| Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | |||||
| CVE-2023-3959 | 1 Zavio | 22 B8220, B8220 Firmware, B8520 and 19 more | 2024-04-11 | N/A | 9.8 CRITICAL |
| Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | |||||
| CVE-2023-3495 | 1 Hitachi | 1 Eh-view | 2024-04-11 | N/A | 7.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-39985 | 1 Hitachi | 1 Eh-view | 2024-04-11 | N/A | 7.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-39435 | 1 Zavio | 22 B8220, B8220 Firmware, B8520 and 19 more | 2024-04-11 | N/A | 9.8 CRITICAL |
| Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | |||||