CVE-2021-25810
Cross-site scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the ‘src_dport_start’, ‘src_dport_end’, and ‘dest_port’ parameters.
Source: CVE-2021-25810
CVE-2021-30219
samurai 1.2 has a NULL pointer dereference in the printstatus() function in build.c via a crafted build file.
Source: CVE-2021-30219
CVE-2021-30218
samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file.
Source: CVE-2021-30218
CVE-2021-30027
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
Source: CVE-2021-30027
CVE-2021-30224
Cross-Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with arbitrary credentials.
Source: CVE-2021-30224
CVE-2020-21997
Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control.
Source: CVE-2020-21997
CVE-2021-20090
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
Source: CVE-2021-20090
CVE-2020-21995
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
Source: CVE-2020-21995
CVE-2020-21992
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exists due to the ‘par’ POST parameter not being sanitized when called with the ‘testemail’ module through the web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) calls the ‘sh’ executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter, allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.
Source: CVE-2020-21992
CVE-2021-20091
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.
Source: CVE-2021-20091