? CVE-2024-21833
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

?@cveNotify

jvn.jp

JVNVU#91401812: Multiple TP-Link products vulnerable to OS command injection

Japan Vulnerability Notes

? CVE-2024-21821
Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.

?@cveNotify

jvn.jp

JVNVU#91401812: Multiple TP-Link products vulnerable to OS command injection

Japan Vulnerability Notes

? CVE-2024-21773
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

?@cveNotify

jvn.jp

JVNVU#91401812: Multiple TP-Link products vulnerable to OS command injection

Japan Vulnerability Notes

? CVE-2024-28327
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings.

?@cveNotify

ASUS Global

Driven by innovation & committed to quality, ASUS has a wide selection of best in class products. Find & buy a laptop, phone, router, monitor, motherboard & more

? CVE-2024-28325
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.

?@cveNotify

ASUS Global

Driven by innovation & committed to quality, ASUS has a wide selection of best in class products. Find & buy a laptop, phone, router, monitor, motherboard & more

? CVE-2024-4236
A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

?@cveNotify

GitHub

IoT-vulnerable/Tenda/AX/AX1803/formSetSysToolDDNS.md at main · abcdefg-png/IoT-vulnerable

IoT-vulnerable. Contribute to abcdefg-png/IoT-vulnerable development by creating an account on GitHub.

? CVE-2024-4235
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

?@cveNotify

NETSECFISH on Notion

Netgear DG834Gv5 - Plain Text Credentials Exposure | Notion

Overview

? CVE-2024-33344
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.

?@cveNotify

? CVE-2024-33343
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.

?@cveNotify