FzBacon

5 exploits Active since Oct 2019
CVE-2023-27216 NOMISEC HIGH WRITEUP
D-Link DSL-3782 1.03 - Authenticated Root Code Execution via Network Settings
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.
2 stars
CVSS 8.8
CVE-2019-18370 NOMISEC CRITICAL WRITEUP
Millet Router 3G Firmware < 2.28.23 - OS Command Injection
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.
2 stars
CVSS 9.8
CVE-2023-26976 NOMISEC HIGH WORKING POC
Tenda AC6 <15.03.05.09 - Buffer Overflow
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
1 stars
CVSS 7.5
CVE-2023-25234 NOMISEC CRITICAL WRITEUP
Tenda AC500 V2.0.1.9(1307) - Buffer Overflow in fromAddressNat via entrys and mitInterface
Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.
CVSS 9.8
CVE-2022-34527 NOMISEC HIGH WORKING POC
D-Link DSL-3782 <= v1.03 - OS Command Injection via byte_4C0160 Function
D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.
CVSS 8.8