GroundCTL2MajorTom/pocs

Releases0

Stars4

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-48288 ↗	Nov 21, 2024Thursday, 21 November 2024, 18:15	8 HIGH	—
TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.
CVE-2024-48286 ↗	Nov 21, 2024Thursday, 21 November 2024, 18:15	8 HIGH	—
Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function.
CVE-2024-44383 ↗	Sep 4, 2024Wednesday, 4 September 2024, 13:15	6.8 MEDIUM	—
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
CVE-2024-8234 ↗	Aug 30, 2024Friday, 30 August 2024, 01:15	7.5 HIGH	—
UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.
CVE-2024-44387 ↗	Aug 23, 2024Friday, 23 August 2024, 17:15	6.5 MEDIUM	—
Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet.
CVE-2024-44390 ↗	Aug 23, 2024Friday, 23 August 2024, 17:15	8.8 HIGH	—
Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset.
CVE-2024-44381 ↗	Aug 23, 2024Friday, 23 August 2024, 16:15	9.8 CRITICAL	—
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.
CVE-2024-44382 ↗	Aug 23, 2024Friday, 23 August 2024, 16:15	9.8 CRITICAL	—
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
CVE-2024-44386 ↗	Aug 23, 2024Friday, 23 August 2024, 16:15	7.3 HIGH	—
Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind.