Skip to main content
CVE-2016-10372 CRITICAL POC THREAT Emergency

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.1%.

Privilege Escalation D1000 Modem Firmware
NVD
CVSS 3.0
9.8
EPSS
93.1%
Threat
6.3
CVE-2017-6079 CRITICAL POC THREAT Emergency

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.4%.

Information Disclosure Edgemarc Firmware
NVD
CVSS 3.1
9.8
EPSS
32.4%
Threat
4.4
CVE-2017-6886 CRITICAL PATCH Act Now

An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libraw
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-6885 CRITICAL Act Now

An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flexnet Manager Suite
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-3882 CRITICAL Act Now

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Denial Of Service Small Business Rv Router Firmware +1
NVD
CVSS 3.0
9.6
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy