funny-mud-peee/IoT-vuls

GitHub

github.com

Releases0

Stars22

iot-vuls

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-30572 ↗	Apr 3, 2024Wednesday, 3 April 2024, 13:16	8 HIGH	—
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.
CVE-2024-30571 ↗	Apr 3, 2024Wednesday, 3 April 2024, 13:16	7.5 HIGH	—
An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVE-2024-30570 ↗	Apr 3, 2024Wednesday, 3 April 2024, 13:16	5.3 MEDIUM	—
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVE-2024-30569 ↗	Apr 3, 2024Wednesday, 3 April 2024, 13:16	7.5 HIGH	—
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVE-2024-30568 ↗	Apr 3, 2024Wednesday, 3 April 2024, 13:16	9.8 CRITICAL	—
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.
CVE-2024-28338 ↗	Mar 12, 2024Tuesday, 12 March 2024, 17:15	8 HIGH	—
A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie.
CVE-2024-28340 ↗	Mar 12, 2024Tuesday, 12 March 2024, 17:15	7.5 HIGH	—
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVE-2024-28339 ↗	Mar 12, 2024Tuesday, 12 March 2024, 17:15	5.4 MEDIUM	—
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVE-2024-24333 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
CVE-2024-24332 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
CVE-2024-24325 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
CVE-2024-24326 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
CVE-2024-24327 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
CVE-2024-24328 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
CVE-2024-24329 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
CVE-2024-24330 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
CVE-2024-24331 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
CVE-2024-24324 ↗	Jan 30, 2024Tuesday, 30 January 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
CVE-2024-23061 ↗	Jan 11, 2024Thursday, 11 January 2024, 16:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
CVE-2024-23060 ↗	Jan 11, 2024Thursday, 11 January 2024, 16:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
CVE-2024-23059 ↗	Jan 11, 2024Thursday, 11 January 2024, 16:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
CVE-2024-23058 ↗	Jan 11, 2024Thursday, 11 January 2024, 16:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
CVE-2024-23057 ↗	Jan 11, 2024Thursday, 11 January 2024, 16:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
CVE-2024-22942 ↗	Jan 11, 2024Thursday, 11 January 2024, 16:15	9.8 CRITICAL	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
CVE-2023-51984 ↗	Jan 11, 2024Thursday, 11 January 2024, 16:15	9.8 CRITICAL	—
D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell.
CVE-2023-51989 ↗	Jan 11, 2024Thursday, 11 January 2024, 16:15	—	—
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-51987. Reason: This candidate is a reservation duplicate of CVE-2025-51987. Notes: All CVE users should reference CVE-2025-51987 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2023-51987 ↗	Jan 11, 2024Thursday, 11 January 2024, 16:15	9.8 CRITICAL	—
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.