| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution. |
| During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. |
| A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi. |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl. |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT. |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS. |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT. |
| Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
| Use of Default Cryptographic Key (CWE-1394) |
| OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. |
| Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13 |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. |
| Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
| Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
