4hsien

7 exploits Active since Mar 2024
CVE-2024-28402 WRITEUP MEDIUM WRITEUP
Totolink X2000r Firmware - XSS
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.
CVSS 5.9
CVE-2024-28404 WRITEUP HIGH WRITEUP
Totolink X2000r Firmware - XSS
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.
CVSS 8.0
CVE-2024-31810 WRITEUP CRITICAL WRITEUP
TOTOLINK EX200 V4.0.3c.7646 - Info Disclosure
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVSS 9.8
CVE-2024-31814 WRITEUP HIGH WRITEUP
TOTOLINK EX200 V4.0.3c.7646_B20201211 - Auth Bypass
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
CVSS 8.8
CVE-2024-51187 WRITEUP MEDIUM WRITEUP
Trendnet Tew-651br Firmware - XSS
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.
CVSS 4.8
CVE-2024-51189 WRITEUP MEDIUM WRITEUP
Trendnet Tew-651br Firmware - XSS
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.
CVSS 4.8
CVE-2024-51190 WRITEUP MEDIUM WRITEUP
Trendnet Tew-651br Firmware - XSS
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page.
CVSS 4.8