Skip to main content
CVE-2021-30234 CRITICAL POC Act Now

The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection An Lianbao Wf 1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-30233 CRITICAL POC Act Now

The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection An Lianbao Wf 1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-30232 CRITICAL POC Act Now

The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection An Lianbao Wf 1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-30231 CRITICAL POC Act Now

The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection An Lianbao Wf 1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-30230 CRITICAL POC Act Now

The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection An Lianbao Wf 1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-30228 CRITICAL POC Act Now

The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection An Lianbao Wf 1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-27651 CRITICAL POC THREAT Act Now

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Infinity
NVD
CVSS 3.1
9.8
EPSS
53.8%
CVE-2021-20090 CRITICAL POC KEV THREAT Act Now

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Wsr 2533Dhpl2 Bk Firmware Wsr 2533Dhp3 Bk Firmware
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-31875 CRITICAL POC PATCH Act Now

In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Mongooseos Mjs
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-21388 CRITICAL PATCH Act Now

systeminformation is an open source system and OS information library for node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Command Injection Systeminformation
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25812 CRITICAL Act Now

Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection An Lianbao Wf 1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-29145 CRITICAL Act Now

A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Aruba Clearpass
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25216 CRITICAL PATCH Act Now

In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow RCE Information Disclosure Debian Linux Bind +12
NVD
CVSS 3.1
9.8
EPSS
82.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy