Skip to main content
CVE-2023-37173 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37172 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37171 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37170 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-36994 CRITICAL POC Act Now

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Travianz
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36993 CRITICAL POC Act Now

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Travianz
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27845 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Omnichannel Stocks
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37149 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37148 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37146 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37145 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37144 CRITICAL POC Act Now

Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-34995 CRITICAL Act Now

There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34433 CRITICAL Act Now

PiiGAB M-Bus stores passwords using a weak hash algorithm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy