Filtered by CWE-120
Filtered by vendor Subscriptions
Total 3133 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-20454 1 Cisco 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more 2024-08-25 9.8 Critical
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
CVE-2024-20450 1 Cisco 23 Small Business Ip Phone Firmware, Spa 301 1 Line Ip Phone, Spa 301 Firmware and 20 more 2024-08-23 9.8 Critical
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
CVE-2024-20451 1 Cisco 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more 2024-08-23 7.5 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.
CVE-2024-7613 1 Tenda 2 Fh1206, Fh1206 Firmware 2024-08-21 8.8 High
A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-42813 1 Trendnet 1 Tew-752dru Firmware 2024-08-20 9.8 Critical
In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
CVE-2024-7831 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-19 8.8 High
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_get_cooliris of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument path leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-7830 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-19 8.8 High
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_move_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument photo_name leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-7829 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-19 8.8 High
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-7828 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-19 8.8 High
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_set_cover of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument album_name leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-7832 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-19 8.8 High
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_get_fullscreen_photos of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument user leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-7849 1 Dlink 20 Dnr-202l Firmware, Dnr-322l Firmware, Dnr-326 Firmware and 17 more 2024-08-19 8.8 High
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This affects the function cgi_create_album of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2022-23817 1 Amd 128 Athlon 3000g Firmware, Athlon Gold 3150ge Firmware, Athlon Gold Pro 3150g Firmware and 125 more 2024-08-17 7 High
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.
CVE-2024-42546 1 Totolink 2 A3100r, A3100r Firmware 2024-08-15 9.8 Critical
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
CVE-2024-7462 1 Totolink 2 N350rt, N350rt Firmware 2024-08-15 8.8 High
A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7463 1 Totolink 2 Cp900, Cp900 Firmware 2024-08-15 8.8 High
A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7465 1 Totolink 2 Cp450, Cp450 Firmware 2024-08-15 8.8 High
A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-42543 1 Totolink 2 A3700r, A3700r Firmware 2024-08-13 8.8 High
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
CVE-2024-42547 1 Totolink 2 A3100r, A3100r Firmware 2024-08-13 9.8 Critical
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
CVE-2024-42545 1 Totolink 2 A3700r, A3700r Firmware 2024-08-13 9.8 Critical
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.
CVE-2024-42520 1 Totolink 2 A3002r, A3002r Firmware 2024-08-13 9.8 Critical
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.