efchatz

4 exploits Active since Nov 2021
CVE-2022-30592 NOMISEC CRITICAL WORKING POC
Litespeedtech Lsquic < 3.1.0 - NULL Pointer Dereference
liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.
79 stars
CVSS 9.8
CVE-2022-30591 NOMISEC HIGH WORKING POC
Quic-go < 0.27.0 - Denial of Service
quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the vendor's position is that this behavior should not be listed as a vulnerability on the CVE List
25 stars
CVSS 7.5
CVE-2022-41540 NOMISEC MEDIUM WORKING POC
TP-Link AX10v1 V1_211117 - Info Disclosure
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.
17 stars
CVSS 5.9
CVE-2021-37910 NOMISEC LOW WORKING POC
ASUS routers - DoS
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
17 stars
CVSS 3.7