Skip to main content
CVE-2018-10168 HIGH POC This Week

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation TP-Link Eap Controller
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-10166 HIGH POC This Week

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link Eap Controller
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-10717 HIGH POC PATCH This Week

The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Buffer Overflow Ngiflib
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-10713 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-10167 HIGH POC This Week

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Eap Controller
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-10666 HIGH This Week

The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Idex Membership
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-4849 HIGH This Week

A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Siemens Apple Siveillance Vms Video
NVD
CVSS 3.0
7.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy