ZackSecurity/VulnerReport

Releases0

Stars6

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-28256 ↗	Mar 28, 2025Friday, 28 March 2025, 21:15	9.8 CRITICAL	—
An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.
CVE-2024-51114 ↗	Dec 3, 2024Tuesday, 3 December 2024, 20:15	8.8 HIGH	—
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file
CVE-2024-42905 ↗	Aug 28, 2024Wednesday, 28 August 2024, 18:15	9.8 CRITICAL	—
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file.
CVE-2024-34256 ↗	May 14, 2024Tuesday, 14 May 2024, 16:17	9.8 CRITICAL	—
OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.
CVE-2024-25852 ↗	Apr 11, 2024Thursday, 11 April 2024, 21:15	8.8 HIGH	—
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.