CVE-2022-37842
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability.
Source: CVE-2022-37842
[월:] 2022년 09월
CVE-2022-37840
CVE-2022-37840
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability.
Source: CVE-2022-37840
CVE-2022-36584
CVE-2022-36584
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf.
Source: CVE-2022-36584
CVE-2022-37839
CVE-2022-37839
TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi.
Source: CVE-2022-37839
CVE-2022-40112
CVE-2022-40112
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa.
Source: CVE-2022-40112
CVE-2022-37841
CVE-2022-37841
In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.
Source: CVE-2022-37841
CVE-2022-40111
CVE-2022-40111
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.
Source: CVE-2022-40111
CVE-2022-40109
CVE-2022-40109
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.
Source: CVE-2022-40109
CVE-2022-40110
CVE-2022-40110
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.
Source: CVE-2022-40110
CVE-2021-43080
CVE-2021-43080
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.
Source: CVE-2021-43080