Bl Wr9000
Monthly
Command injection in LB-LINK BL-WR9000 2.4.9 via the /goform/set_wifi endpoint allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early disclosure notification.
Remote code execution in LB-LINK BL-WR9000 2.4.9 via buffer overflow in the /goform/get_hidessid_cfg endpoint allows authenticated attackers to achieve complete system compromise over the network. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An attacker with login credentials can trigger the overflow in the sub_44D844 function to execute arbitrary code with full system privileges.
Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be exploited remotely by authenticated attackers to achieve complete system compromise. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. An attacker with valid credentials can manipulate input to the vulnerable endpoint and execute arbitrary code with full system privileges.
Command injection in LB-LINK BL-WR9000 2.4.9 via the /goform/set_wifi endpoint allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early disclosure notification.
Remote code execution in LB-LINK BL-WR9000 2.4.9 via buffer overflow in the /goform/get_hidessid_cfg endpoint allows authenticated attackers to achieve complete system compromise over the network. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An attacker with login credentials can trigger the overflow in the sub_44D844 function to execute arbitrary code with full system privileges.
Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be exploited remotely by authenticated attackers to achieve complete system compromise. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. An attacker with valid credentials can manipulate input to the vulnerable endpoint and execute arbitrary code with full system privileges.