Security Vulnerabilities, CVEs
CVE-2023-51099
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand.
Max CVSS
9.8
Published
2023-12-26
Updated
2023-12-30
EPSS
0.13%
CVE-2023-51098
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo.
Max CVSS
9.8
Published
2023-12-26
Updated
2023-12-30
EPSS
0.13%
CVE-2023-51097
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing.
Max CVSS
9.8
Published
2023-12-26
Updated
2023-12-30
EPSS
0.09%
CVE-2023-51095
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy.
Max CVSS
9.8
Published
2023-12-26
Updated
2023-12-30
EPSS
0.09%
CVE-2023-51094
Tenda M3 V1.0.0.12(4856) was discovered to contain a command execution vulnerability via the function TendaTelnet.
Max CVSS
9.8
Published
2023-12-26
Updated
2023-12-30
EPSS
0.17%
CVE-2023-51093
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.
Max CVSS
9.8
Published
2023-12-26
Updated
2023-12-30
EPSS
0.09%
CVE-2023-51092
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.
Max CVSS
9.8
Published
2023-12-26
Updated
2023-12-30
EPSS
0.09%
CVE-2023-51091
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.
Max CVSS
9.8
Published
2023-12-26
Updated
2023-12-30
EPSS
0.09%
CVE-2023-51090
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.
Max CVSS
9.8
Published
2023-12-26
Updated
2023-12-30
EPSS
0.09%
CVE-2023-51084
hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method.
Max CVSS
0.0
Published
2023-12-27
Updated
2023-12-27
EPSS
0.06%
CVE-2023-51080
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
Max CVSS
0.0
Published
2023-12-27
Updated
2023-12-27
EPSS
0.06%
CVE-2023-51079
A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final.
Max CVSS
0.0
Published
2023-12-27
Updated
2023-12-27
EPSS
0.04%
CVE-2023-51075
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
Max CVSS
0.0
Published
2023-12-27
Updated
2023-12-27
EPSS
0.04%
CVE-2023-51074
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
Max CVSS
0.0
Published
2023-12-27
Updated
2023-12-27
EPSS
0.06%
CVE-2023-51052
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.
Max CVSS
9.8
Published
2023-12-21
Updated
2023-12-29
EPSS
0.08%
CVE-2023-51051
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.
Max CVSS
9.8
Published
2023-12-21
Updated
2023-12-29
EPSS
0.08%
CVE-2023-51050
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.
Max CVSS
9.8
Published
2023-12-21
Updated
2023-12-27
EPSS
0.08%
CVE-2023-51049
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.
Max CVSS
9.8
Published
2023-12-21
Updated
2023-12-27
EPSS
0.08%
CVE-2023-51048
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.
Max CVSS
9.8
Published
2023-12-21
Updated
2023-12-27
EPSS
0.08%
CVE-2023-51035
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
Max CVSS
0.0
Published
2023-12-22
Updated
2023-12-22
EPSS
0.04%
CVE-2023-51034
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
Max CVSS
0.0
Published
2023-12-22
Updated
2023-12-22
EPSS
0.04%
CVE-2023-51033
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-29
EPSS
0.19%
CVE-2023-51028
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-29
EPSS
0.19%
CVE-2023-51027
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51026
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%