B2eFly/Router

GitHub

github.com

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-27076 ↗	Apr 10, 2023Monday, 10 April 2023, 21:15	9.8 CRITICAL	—
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.
CVE-2022-28495 ↗	Mar 24, 2023Friday, 24 March 2023, 14:15	9.8 CRITICAL	—
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-28496 ↗	Mar 23, 2023Thursday, 23 March 2023, 17:15	9.8 CRITICAL	—
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-28497 ↗	Mar 23, 2023Thursday, 23 March 2023, 16:15	9.8 CRITICAL	—
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2023-27077 ↗	Mar 23, 2023Thursday, 23 March 2023, 15:15	7.5 HIGH	—
Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package.
CVE-2023-27078 ↗	Mar 23, 2023Thursday, 23 March 2023, 15:15	9.8 CRITICAL	—
A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.
CVE-2022-28491 ↗	Mar 23, 2023Thursday, 23 March 2023, 15:15	9.8 CRITICAL	—
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-28493 ↗	Mar 23, 2023Thursday, 23 March 2023, 15:15	9.8 CRITICAL	—
A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,
CVE-2023-27079 ↗	Mar 23, 2023Thursday, 23 March 2023, 14:15	7.5 HIGH	—
Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package
CVE-2022-28492 ↗	Mar 23, 2023Thursday, 23 March 2023, 14:15	9.8 CRITICAL	—
TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.
CVE-2022-28494 ↗	Mar 23, 2023Thursday, 23 March 2023, 01:15	9.8 CRITICAL	—
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.