Shuanunio

7 exploits, active since Jan 2025
CVE-2024-54763 WRITEUP MEDIUM
ipTIME A2004 <12.17.0 - Info Disclosure
An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.
CVSS 6.5
CVE-2024-54764 WRITEUP MEDIUM
ipTIME A2004 <12.17.0 - Info Disclosure
An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.
CVSS 6.5
CVE-2024-54767 WRITEUP HIGH
AVM FRITZ!Box 7530 AX v7.59 - Info Disclosure
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. NOTE: this is disputed by the Supplier because it cannot be reproduced, and the issue report focuses on an unintended configuration with direct Internet exposure.
CVSS 7.5
CVE-2024-57045 WRITEUP CRITICAL
D-Link DIR-859 <A3 1.05 - Auth Bypass
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page.
CVSS 9.8
CVE-2024-57046 WRITEUP HIGH
Netgear DGN2200 <v1.0.0.46 - Auth Bypass
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When "?x=1.gif" is added to the requested URL, the request is recognized as passing the authentication.
CVSS 8.8
CVE-2024-57049 WRITEUP CRITICAL
TP-Link Archer c20 <V6.6_230412 - Auth Bypass
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When the header Referer: http://tplinkwifi.net is added to the request, the request is recognized as passing the authentication. NOTE: this is disputed by the Supplier because the response to the API call is only "non-sensitive UI initialization variables."
CVSS 9.8
CVE-2025-5495 WRITEUP HIGH
Netgear WNR614 <1.1.0.28_1.0.1WW - Auth Bypass
A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024.
CVSS 7.3