Vinod Kumar Shrimali (mrnmap)

6 exploits Active since Nov 2024
CVE-2024-28726 WRITEUP HIGH WRITEUP
DLink DWR-2000M 5G CPE - OS Command Injection via Diagnostics Function
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function.
CVSS 8.0
CVE-2024-28728 WRITEUP MEDIUM WRITEUP
DLink DWR-2000M 5G CPE - Stored Cross-Site Scripting via WiFi SSID Name Field
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field.
CVSS 6.6
CVE-2024-28729 WRITEUP CRITICAL WRITEUP
DLink DWR-2000M Firmware 1.34ME - OS Command Injection
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.
CVSS 9.8
CVE-2024-28730 WRITEUP MEDIUM WRITEUP
DLink DWR-2000M Firmware 1.34ME - Cross-Site Scripting via VPN Configuration File Upload
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.
CVSS 5.4
CVE-2024-28731 WRITEUP MEDIUM WRITEUP
DLink DWR-2000M Firmware 1.34ME - Cross-Site Request Forgery via Port Forwarding Option
Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.
CVSS 4.3
CVE-2024-53563 WRITEUP MEDIUM WRITEUP
Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 - XSS
A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
CVSS 5.4