funny-mud-peee

18 exploits, active since Jan 2024
CVE-2024-24324 WRITEUP CRITICAL WRITEUP
TOTOLINK A8000RU v7.1cu.643_B20200521 - Use of Hard-coded Credentials
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
CVSS 9.8
CVE-2024-24325 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setParentalRules enable Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
CVSS 9.8
CVE-2024-24326 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via arpEnable Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
CVSS 9.8
CVE-2024-24327 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via pppoePass Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
CVSS 9.8
CVE-2024-24328 WRITEUP CRITICAL WRITEUP
TotoLink Router setMacFilterRules - Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
CVSS 9.8
CVE-2024-24329 WRITEUP CRITICAL WRITEUP
TotoLink Router setPortForwardRules - Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
CVSS 9.8
CVE-2024-24330 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setRemoteCfg Port or Enable Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
CVSS 9.8
CVE-2024-24331 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setWiFiScheduleCfg enable Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
CVSS 9.8
CVE-2024-24332 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setUrlFilterRules URL Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
CVSS 9.8
CVE-2024-24333 WRITEUP CRITICAL WRITEUP
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setWiFiAclRules desc Parameter
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
CVSS 9.8
CVE-2024-28338 WRITEUP HIGH WRITEUP
TOTOLINK A8000RU V7.1cu.643_B20200521 - Unauthenticated Login Bypass via Session Cookie
A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to log in to Administrator accounts by providing a crafted session cookie.
CVSS 8.0
CVE-2024-28339 WRITEUP MEDIUM WRITEUP
Netgear CBR40, CBK40, CBK43 2.5.0.28 - Unauthenticated Sensitive Information Exposure via debuginfo.htm
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVSS 5.4
CVE-2024-28340 WRITEUP HIGH WRITEUP
Netgear CBR40, CBK40, CBK43 2.5.0.28 - Unauthenticated Sensitive Information Exposure via currentsetting.htm
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVSS 7.5
CVE-2024-30568 WRITEUP CRITICAL WORKING POC
Netgear R6850 1.1.0.88 - OS Command Injection via c4-IPAddr Parameter
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.
CVSS 9.8
CVE-2024-30569 WRITEUP HIGH WRITEUP
Netgear R6850 v1.1.0.88 - Unauthenticated Exposure of Sensitive Information via currentsetting.htm
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS 7.5
CVE-2024-30570 WRITEUP MEDIUM WRITEUP
Netgear R6850 v1.1.0.88 - Unauthenticated Sensitive Information Exposure via debuginfo.htm
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS 5.3
CVE-2024-30571 WRITEUP HIGH WRITEUP
Netgear R6850 v1.1.0.88 - Unauthenticated Exposure of Sensitive Information in BRS_top.html
An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS 7.5
CVE-2024-30572 WRITEUP HIGH WRITEUP
Netgear R6850 1.1.0.88 - OS Command Injection via ntp_server Parameter
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.
CVSS 8.0