n0wstr

26 exploits | Active since Apr 2024
CVE-2024-33342 WRITEUP HIGH WORKING POC
Dlink Dir-822+ Firmware - Command Injection
D-Link DIR-822+ V1.0.5 was found to contain a command injection vulnerability in the SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVSS 7.5
CVE-2024-33343 WRITEUP HIGH WORKING POC
Dlink Dir-822+ Firmware - OS Command Injection
D-Link DIR-822+ V1.0.5 was found to contain a command injection vulnerability in the ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVSS 8.8
CVE-2024-33344 WRITEUP CRITICAL WORKING POC
Dlink Dir-822+ Firmware - Command Injection
D-Link DIR-822+ V1.0.5 was found to contain a command injection vulnerability in the ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVSS 9.8
CVE-2024-33345 WRITEUP MEDIUM WORKING POC
Dlink Dir-823g Firmware - NULL Pointer Dereference
D-Link DIR-823G A1V1.0.2B05 was found to contain a NULL pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 6.5
CVE-2024-34200 WRITEUP HIGH WORKING POC
TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 - Buffer Overflow
TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.
CVSS 8.8
CVE-2024-34201 WRITEUP HIGH WORKING POC
TOTOLINK CP450 <4.1.0cu.747_B20191224 - Buffer Overflow
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.
CVSS 7.3
CVE-2024-34202 WRITEUP MEDIUM WORKING POC
TOTOLINK CP450 <4.1.0cu.747_B20191224 - Buffer Overflow
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.
CVSS 6.5
CVE-2024-34203 WRITEUP LOW WORKING POC
TOTOLINK CP450 <4.1.0cu.747_B20191224 - Buffer Overflow
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.
CVSS 3.8
CVE-2024-34204 WRITEUP CRITICAL WORKING POC
TOTOLINK outdoor CPE CP450 <4.1.0cu.747_B20191224 - Command Injection
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.
CVSS 9.8
CVE-2024-34205 WRITEUP HIGH WORKING POC
TOTOLINK CP450 <4.1.0cu.747_B20191224 - Command Injection
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.
CVSS 7.3
CVE-2024-34206 WRITEUP MEDIUM WORKING POC
TOTOLINK outdoor CPE CP450 <4.1.0cu.747_B20191224 - Command Injection
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.
CVSS 6.5
CVE-2024-34207 WRITEUP HIGH WORKING POC
TOTOLINK CP450 v4.1.0cu.747_B20191224 - Buffer Overflow
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function.
CVSS 8.8
CVE-2024-34209 WRITEUP CRITICAL WORKING POC
TOTOLINK CP450 <4.1.0cu.747 - Buffer Overflow
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.
CVSS 9.8
CVE-2024-34210 WRITEUP HIGH WORKING POC
TOTOLINK outdoor CPE CP450 <v4.1.0cu.747_B20191224 - Command Injection
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.
CVSS 7.3
CVE-2024-34211 WRITEUP HIGH WORKING POC
TOTOLINK CP450 <4.1.0cu.747_B20191224 - Info Disclosure
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVSS 8.8
CVE-2024-34212 WRITEUP HIGH WORKING POC
TOTOLINK CP450 <4.1.0cu.747 - Buffer Overflow
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function.
CVSS 7.3
CVE-2024-34213 WRITEUP CRITICAL WORKING POC
TOTOLINK CP450 <4.1.0cu.747_B20191224 - Buffer Overflow
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.
CVSS 9.8
CVE-2024-34215 WRITEUP HIGH WORKING POC
TOTOLINK CP450 <4.1.0cu.747 - Buffer Overflow
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function.
CVSS 7.3
CVE-2024-34217 WRITEUP HIGH WORKING POC
TOTOLINK CP450 <4.1.0cu.747 - Buffer Overflow
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.
CVSS 7.7
CVE-2024-34218 WRITEUP LOW WORKING POC
TOTOLINK outdoor CPE CP450 <4.1.0cu.747_B20191224 - Command Injection
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.
CVSS 3.8
CVE-2024-34219 WRITEUP HIGH WORKING POC
TOTOLINK CP450 - Command Injection
TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.
CVSS 8.6
CVE-2025-29743 WRITEUP MEDIUM WRITEUP
Dlink Dir-816 Firmware - Command Injection
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection vulnerability in /goform/delRouting.
CVSS 6.5
CVE-2025-44835 WRITEUP MEDIUM WORKING POC
Dlink Dir-816 A2 Firmware - Command Injection
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection vulnerability in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell.
CVSS 6.3
CVE-2025-44836 WRITEUP MEDIUM WORKING POC
Totolink Cp900 Firmware - Command Injection
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44837 WRITEUP MEDIUM WORKING POC
Totolink Cp900 Firmware - Command Injection
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3