s4ndw1ch136

17 exploits Active since Jun 2024
CVE-2024-37631 WRITEUP HIGH WORKING POC
TOTOLINK A3700R V9.1.2u.6165_20211012 - Stack-based Buffer Overflow via UploadCustomModule File Parameter
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule.
CVSS 8.8
CVE-2024-37632 WRITEUP CRITICAL WRITEUP
TOTOLINK A3700R V9.1.2u.6165_20211012 - Stack-based Buffer Overflow via loginAuth Password Parameter
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .
CVSS 9.8
CVE-2024-37633 WRITEUP HIGH WRITEUP
TOTOLINK A3700R V9.1.2u.6165_20211012 - Stack-based Buffer Overflow via SSID in setWiFiGuestCfg
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg
CVSS 8.8
CVE-2024-37634 WRITEUP CRITICAL WRITEUP
TOTOLINK A3700R V9.1.2u.6165_20211012 - Stack-based Buffer Overflow via SSID in setWiFiEasyCfg
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.
CVSS 9.8
CVE-2024-37635 WRITEUP CRITICAL WRITEUP
TOTOLINK A3700R V9.1.2u.6165_20211012 - Stack-based Buffer Overflow via SSID in setWiFiBasicCfg
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg
CVSS 9.8
CVE-2024-37637 WRITEUP CRITICAL WRITEUP
TOTOLINK A3700R V9.1.2u.6165_20211012 - Stack Overflow in setWizardCfg via ssid5g
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg.
CVSS 9.8
CVE-2024-37639 WRITEUP HIGH WRITEUP
TOTOLINK A3700R V9.1.2u.6165_20211012 - Stack-based Buffer Overflow via eport in setIpPortFilterRules
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.
CVSS 8.8
CVE-2024-37640 WRITEUP HIGH WORKING POC
TOTOLINK A3700R V9.1.2u.6165_20211012 - Stack-based Buffer Overflow via ssid5g in setWiFiEasyGuestCfg
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.
CVSS 8.8
CVE-2024-37641 WRITEUP HIGH WORKING POC
TRENDnet TEW-814DAP v1_(FW1.01B01) - Stack-based Buffer Overflow via submit-url Parameter
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule
CVSS 8.8
CVE-2024-37642 WRITEUP CRITICAL WORKING POC
TRENDnet TEW-814DAP v1_(FW1.01B01) - OS Command Injection via ipv4_ping and ipv6_ping Parameters
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck .
CVSS 9.1
CVE-2024-37643 WRITEUP HIGH WORKING POC
TRENDnet TEW-814DAP v1_(FW1.01B01) - Stack-based Buffer Overflow via submit-url Parameter
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth .
CVSS 8.8
CVE-2024-37645 WRITEUP HIGH WORKING POC
TRENDnet TEW-814DAP v1_(FW1.01B01) - Stack-based Buffer Overflow via submit-url Parameter
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog .
CVSS 8.8
CVE-2024-38892 WRITEUP MEDIUM WRITEUP
Wavlink WN551K1 - Exposure of Sensitive Information via ExportAllSettings.sh
An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
CVSS 6.5
CVE-2024-38894 WRITEUP MEDIUM WRITEUP
WAVLINK WN551K1 - OS Command Injection via IP Parameter in touchlist_sync.cgi
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.
CVSS 5.3
CVE-2024-38895 WRITEUP MEDIUM WORKING POC
WAVLINK WN551K1 - Exposure of Sensitive Information via live_mfg.shtml
WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
CVSS 5.3
CVE-2024-38896 WRITEUP MEDIUM WORKING POC
WAVLINK WN551K1 - OS Command Injection via nightled.cgi start_hour Parameter
WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.
CVSS 5.3
CVE-2024-38903 WRITEUP MEDIUM WORKING POC
H3C Magic R230 V100R002 - OS Command Injection via UDP Port 9034
H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.
CVSS 4.1