yanggao017

27 exploits Active since Jun 2024
CVE-2024-41319 WRITEUP CRITICAL WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via Webcmd Function
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
CVSS 9.8
CVE-2024-39207 WRITEUP HIGH WRITEUP
lua-shmem v1.0-1 - Buffer Overflow via shmem_write Function
lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.
CVSS 8.2
CVE-2024-39208 WRITEUP CRITICAL WRITEUP
luci-app-lucky v2.8.3 - Info Disclosure
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
CVSS 9.8
CVE-2024-39209 WRITEUP MEDIUM WRITEUP
luci-app-sms-tool <1.9.6 - Command Injection
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter.
CVSS 6.3
CVE-2024-41314 WRITEUP MEDIUM WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via iface Parameter in vif_disable Function
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS 6.8
CVE-2024-41315 WRITEUP MEDIUM WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter in apcli_do_enr_pin_wps
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVSS 6.8
CVE-2024-41316 WRITEUP CRITICAL WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS 9.8
CVE-2024-41317 WRITEUP HIGH WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter in apcli_do_enr_pbc_wps
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVSS 8.0
CVE-2024-41318 WRITEUP CRITICAL WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS 9.8
CVE-2024-41320 WRITEUP HIGH WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
CVSS 8.8
CVE-2024-57211 WRITEUP HIGH WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via modifyOne Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
CVSS 8.0
CVE-2024-57212 WRITEUP MEDIUM WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via opmode Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.
CVSS 5.1
CVE-2024-57213 WRITEUP MEDIUM WRITEUP
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via newpasswd Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.
CVSS 6.3
CVE-2024-57222 WRITEUP MEDIUM WRITEUP
Linksys E7350 1.1.00.032 - OS Command Injection via apcli_cancel_wps ifname Parameter
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS 6.3
CVE-2024-57223 WRITEUP CRITICAL WRITEUP
Linksys E7350 1.1.00.032 - OS Command Injection via apcli_wps_gen_pincode ifname Parameter
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS 9.8
CVE-2024-57224 WRITEUP CRITICAL WRITEUP
Linksys E7350 1.1.00.032 - OS Command Injection via apcli_do_enr_pin_wps ifname Parameter
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVSS 9.8
CVE-2024-57225 WRITEUP CRITICAL WRITEUP
Linksys E7350 1.1.00.032 - OS Command Injection via devname Parameter
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVSS 9.8
CVE-2024-57226 WRITEUP HIGH WRITEUP
Linksys E7350 1.1.00.032 - OS Command Injection via iface Parameter in vif_enable Function
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
CVSS 8.0
CVE-2024-57227 WRITEUP HIGH WRITEUP
Linksys E7350 1.1.00.032 - OS Command Injection via ifname Parameter in apcli_do_enr_pbc_wps
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVSS 8.0
CVE-2024-57228 WRITEUP HIGH WRITEUP
Linksys E7350 1.1.00.032 - OS Command Injection via iface Parameter in vif_disable Function
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS 8.0
CVE-2024-57229 WRITEUP CRITICAL WRITEUP
NETGEAR RAX5 Firmware V1.0.2.26 - OS Command Injection via reset_wifi devname Parameter
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVSS 9.8
CVE-2024-57230 WRITEUP CRITICAL WRITEUP
NETGEAR RAX5 Firmware 1.0.2.26 - OS Command Injection via apcli_do_enr_pin_wps ifname Parameter
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVSS 9.8
CVE-2024-57231 WRITEUP CRITICAL WRITEUP
NETGEAR RAX5 Firmware V1.0.2.26 - OS Command Injection via apcli_do_enr_pbc_wps ifname Parameter
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVSS 9.8
CVE-2024-57232 WRITEUP CRITICAL WRITEUP
NETGEAR RAX5 Firmware V1.0.2.26 - OS Command Injection via apcli_wps_gen_pincode ifname Parameter
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS 9.8
CVE-2024-57233 WRITEUP CRITICAL WRITEUP
NETGEAR RAX5 Firmware 1.0.2.26 - OS Command Injection via iface Parameter in vif_disable Function
NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS 9.8