yanggao017/vuln

Releases0

Stars2

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-57235 ↗	May 5, 2025Monday, 5 May 2025, 17:18	9.8 CRITICAL	—
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
CVE-2024-57234 ↗	May 5, 2025Monday, 5 May 2025, 17:18	9.8 CRITICAL	—
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVE-2024-57233 ↗	May 5, 2025Monday, 5 May 2025, 17:18	9.8 CRITICAL	—
NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVE-2024-57232 ↗	May 5, 2025Monday, 5 May 2025, 17:18	9.8 CRITICAL	—
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVE-2024-57231 ↗	May 5, 2025Monday, 5 May 2025, 17:18	9.8 CRITICAL	—
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVE-2024-57229 ↗	May 5, 2025Monday, 5 May 2025, 17:18	9.8 CRITICAL	—
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVE-2024-57230 ↗	May 5, 2025Monday, 5 May 2025, 17:18	9.8 CRITICAL	—
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVE-2024-41319 ↗	Jul 23, 2024Tuesday, 23 July 2024, 15:15	9.8 CRITICAL	—
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
CVE-2024-41320 ↗	Jul 22, 2024Monday, 22 July 2024, 14:15	8.8 HIGH	—
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
CVE-2024-41318 ↗	Jul 22, 2024Monday, 22 July 2024, 14:15	9.8 CRITICAL	—
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVE-2024-41317 ↗	Jul 22, 2024Monday, 22 July 2024, 14:15	8 HIGH	—
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVE-2024-41316 ↗	Jul 22, 2024Monday, 22 July 2024, 14:15	9.8 CRITICAL	—
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVE-2024-41315 ↗	Jul 22, 2024Monday, 22 July 2024, 14:15	6.8 MEDIUM	—
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVE-2024-41314 ↗	Jul 22, 2024Monday, 22 July 2024, 14:15	6.8 MEDIUM	—
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVE-2024-39209 ↗	Jun 27, 2024Thursday, 27 June 2024, 21:15	6.3 MEDIUM	—
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter.
CVE-2024-39207 ↗	Jun 27, 2024Thursday, 27 June 2024, 20:15	8.2 HIGH	—
lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.
CVE-2024-39208 ↗	Jun 27, 2024Thursday, 27 June 2024, 20:15	9.8 CRITICAL	—
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.