funny-mud-peee

18 exploits, active since Jan 2024
CVE-2024-24324 WRITEUP CRITICAL WRITEUP
Totolink A8000ru Firmware - Hard-coded Credentials
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
CVSS 9.8
CVE-2024-24325 WRITEUP CRITICAL WRITEUP
Totolink A3300r Firmware - OS Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
CVSS 9.8
CVE-2024-24326 WRITEUP CRITICAL WRITEUP
Totolink A3300r Firmware - OS Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
CVSS 9.8
CVE-2024-24327 WRITEUP CRITICAL WRITEUP
Totolink A3300r Firmware - OS Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
CVSS 9.8
CVE-2024-24328 WRITEUP CRITICAL WRITEUP
TotoLink Router setMacFilterRules - Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
CVSS 9.8
CVE-2024-24329 WRITEUP CRITICAL WRITEUP
TotoLink Router setPortForwardRules - Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
CVSS 9.8
CVE-2024-24330 WRITEUP CRITICAL WRITEUP
Totolink A3300r Firmware - OS Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
CVSS 9.8
CVE-2024-24331 WRITEUP CRITICAL WRITEUP
Totolink A3300r Firmware - OS Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
CVSS 9.8
CVE-2024-24332 WRITEUP CRITICAL WRITEUP
Totolink A3300r Firmware - OS Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
CVSS 9.8
CVE-2024-24333 WRITEUP CRITICAL WRITEUP
Totolink A3300r Firmware - OS Command Injection
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
CVSS 9.8
CVE-2024-28338 WRITEUP HIGH WRITEUP
Totolink A8000ru Firmware - Improper Access Control
A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to log in to Administrator accounts by providing a crafted session cookie.
CVSS 8.0
CVE-2024-28339 WRITEUP MEDIUM WRITEUP
Netgear Cbk40 Firmware - Information Disclosure
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVSS 5.4
CVE-2024-28340 WRITEUP HIGH WRITEUP
Netgear Cbk40 Firmware - Information Disclosure
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVSS 7.5
CVE-2024-30568 WRITEUP CRITICAL WORKING POC
Netgear R6850 Firmware - Code Injection
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.
CVSS 9.8
CVE-2024-30569 WRITEUP HIGH WRITEUP
Netgear R6850 Firmware - Information Disclosure
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS 7.5
CVE-2024-30570 WRITEUP MEDIUM WRITEUP
Netgear R6850 Firmware - Information Disclosure
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS 5.3
CVE-2024-30571 WRITEUP HIGH WRITEUP
Netgear R6850 Firmware - Information Disclosure
An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS 7.5
CVE-2024-30572 WRITEUP HIGH WRITEUP
Netgear R6850 Firmware - Command Injection
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.
CVSS 8.0