SpikeReply/advisories

GitHub

github.com

www.reply.com

Releases0

Stars1

Advisories from Spike Reply Cybersecurity team

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-64052 ↗	Dec 5, 2025Friday, 5 December 2025, 16:15	5.1 MEDIUM	—
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands.
CVE-2025-64053 ↗	Dec 5, 2025Friday, 5 December 2025, 16:15	7.5 HIGH	—
A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
CVE-2025-64054 ↗	Dec 5, 2025Friday, 5 December 2025, 16:15	9.6 CRITICAL	—
A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
CVE-2025-64056 ↗	Dec 5, 2025Friday, 5 December 2025, 16:15	4.3 MEDIUM	—
File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.
CVE-2025-64057 ↗	Dec 5, 2025Friday, 5 December 2025, 15:15	8.3 HIGH	—
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.
CVE-2025-64055 ↗	Dec 3, 2025Wednesday, 3 December 2025, 21:15	9.8 CRITICAL	—
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
CVE-2024-29421 ↗	May 22, 2024Wednesday, 22 May 2024, 18:15	6.2 MEDIUM	—
xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code.
CVE-2023-51146 ↗	Mar 26, 2024Tuesday, 26 March 2024, 22:15	8 HIGH	—
Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action.
CVE-2023-51147 ↗	Mar 26, 2024Tuesday, 26 March 2024, 22:15	8 HIGH	—
Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action.
CVE-2024-27521 ↗	Mar 26, 2024Tuesday, 26 March 2024, 21:15	8 HIGH	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root").
CVE-2023-51148 ↗	Mar 26, 2024Tuesday, 26 March 2024, 21:15	8 HIGH	—
An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.