PAGalaxyLab/VulInfo

GitHub

github.com

Releases0

Stars151

These are the vulnerabilities discovered by Galaxy Lab.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-10039 ↗	Mar 25, 2019Monday, 25 March 2019, 19:29	—	5 MEDIUM
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.
CVE-2019-10042 ↗	Mar 25, 2019Monday, 25 March 2019, 19:29	—	7.8 HIGH
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.
CVE-2019-10041 ↗	Mar 25, 2019Monday, 25 March 2019, 19:29	—	5 MEDIUM
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.
CVE-2019-10040 ↗	Mar 25, 2019Monday, 25 March 2019, 19:29	—	10 HIGH
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.
CVE-2019-9146 ↗	Feb 25, 2019Monday, 25 February 2019, 18:29	—	7.9 HIGH
Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream.
CVE-2018-19528 ↗	Nov 26, 2018Monday, 26 November 2018, 02:29	—	10 HIGH
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.
CVE-2018-17127 ↗	Sep 17, 2018Monday, 17 September 2018, 04:29	—	7.8 HIGH
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.
CVE-2018-17063 ↗	Sep 15, 2018Saturday, 15 September 2018, 21:29	—	10 HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
CVE-2018-17068 ↗	Sep 15, 2018Saturday, 15 September 2018, 21:29	—	10 HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.
CVE-2018-17067 ↗	Sep 15, 2018Saturday, 15 September 2018, 21:29	—	10 HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.
CVE-2018-17066 ↗	Sep 15, 2018Saturday, 15 September 2018, 21:29	—	10 HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.
CVE-2018-17065 ↗	Sep 15, 2018Saturday, 15 September 2018, 21:29	—	10 HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.
CVE-2018-17064 ↗	Sep 15, 2018Saturday, 15 September 2018, 21:29	—	10 HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.
CVE-2018-17020 ↗	Sep 13, 2018Thursday, 13 September 2018, 19:29	—	7.8 HIGH
ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line.
CVE-2018-17021 ↗	Sep 13, 2018Thursday, 13 September 2018, 19:29	—	4.3 MEDIUM
Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter.
CVE-2018-17023 ↗	Sep 13, 2018Thursday, 13 September 2018, 19:29	—	6.8 MEDIUM
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
CVE-2018-17022 ↗	Sep 13, 2018Thursday, 13 September 2018, 19:29	—	8 HIGH
Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy.
CVE-2018-17014 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name.
CVE-2018-17012 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit.
CVE-2018-17018 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name.
CVE-2018-17016 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name.
CVE-2018-17015 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username.
CVE-2018-17017 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable.
CVE-2018-17013 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate.
CVE-2018-17010 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth.
CVE-2018-17011 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun.
CVE-2018-17009 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate.
CVE-2018-17008 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power.
CVE-2018-17007 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid.
CVE-2018-17006 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2.
CVE-2018-17005 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable.
CVE-2018-17004 ↗	Sep 13, 2018Thursday, 13 September 2018, 18:29	—	4 MEDIUM
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name.
CVE-2018-16408 ↗	Sep 3, 2018Monday, 3 September 2018, 19:29	—	9 HIGH
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.