Skip to main content
CVE-2018-17440 CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload D-Link PHP Central Wifimanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
36.9%
CVE-2018-1000804 CRITICAL POC PATCH Act Now

contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
6.3%
CVE-2018-5399 CRITICAL Act Now

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dcu 210E Firmware Rp 210E Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-1000810 CRITICAL Act Now

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Rust
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-14818 CRITICAL Act Now

WECON Technology Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Pi Studio Pi Studio Hmi
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2018-1742 CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
9.3
EPSS
0.3%
CVE-2018-5400 CRITICAL Act Now

The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Rp 210E Firmware Dcu 210E Firmware
NVD
CVSS 3.0
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy