» 2023 » 8월

CVE-2023-40840

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40840

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fromGetWirelessRepeat."

Source: CVE-2023-40840

CVE-2023-40595

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40595

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

Source: CVE-2023-40595

CVE-2023-40847

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40847

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check.

Source: CVE-2023-40847

CVE-2023-40596

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40596

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.

Source: CVE-2023-40596

CVE-2023-40848

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40848

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "sub_7D858."

Source: CVE-2023-40848

CVE-2023-40843

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40843

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "sub_73004."

Source: CVE-2023-40843

CVE-2023-40837

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40837

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function ‘sub_ADD50’ contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands.

Source: CVE-2023-40837

CVE-2023-40598

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40598

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.

Source: CVE-2023-40598

CVE-2023-40839

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40839

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function ‘sub_ADF3C’ contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.

Source: CVE-2023-40839

CVE-2023-40838

Posted on 2023년 8월 31일2023년 8월 31일 by admin

CVE-2023-40838

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function ‘sub_3A1D0’ contains a command execution vulnerability.

Source: CVE-2023-40838