D2y6p/CVE

GitHub

github.com

Releases0

Stars22

CVE

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-39780 ↗	Sep 11, 2023Monday, 11 September 2023, 19:15	8.8 HIGH	—
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.
CVE-2023-34563 ↗	Jun 20, 2023Tuesday, 20 June 2023, 21:15	9.8 CRITICAL	—
netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.
CVE-2023-31746 ↗	Jun 14, 2023Wednesday, 14 June 2023, 21:15	9.8 CRITICAL	—
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user.
CVE-2023-33532 ↗	Jun 6, 2023Tuesday, 6 June 2023, 14:15	9.8 CRITICAL	—
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.
CVE-2023-33533 ↗	Jun 6, 2023Tuesday, 6 June 2023, 14:15	8.8 HIGH	—
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.
CVE-2023-33530 ↗	Jun 6, 2023Tuesday, 6 June 2023, 13:15	8.8 HIGH	—
There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges.
CVE-2023-31740 ↗	May 23, 2023Tuesday, 23 May 2023, 01:15	7.2 HIGH	—
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.
CVE-2023-31741 ↗	May 23, 2023Tuesday, 23 May 2023, 01:15	7.2 HIGH	—
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.
CVE-2023-31742 ↗	May 22, 2023Monday, 22 May 2023, 17:15	7.2 HIGH	—
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.
CVE-2023-31729 ↗	May 18, 2023Thursday, 18 May 2023, 02:15	9.8 CRITICAL	—
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.