yanggao017

26 exploits. Active since Jun 2024.
CVE-2024-39207 WRITEUP HIGH
lua-shmem <1.0-1 - Buffer Overflow
lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.
CVSS 8.2
CVE-2024-39208 WRITEUP CRITICAL
luci-app-lucky v2.8.3 - Info Disclosure
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
CVSS 9.8
CVE-2024-39209 WRITEUP MEDIUM
luci-app-sms-tool <1.9.6 - Command Injection
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter.
CVSS 6.3
CVE-2024-41314 WRITEUP MEDIUM
Totolink A6000r Firmware - OS Command Injection
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS 6.8
CVE-2024-41315 WRITEUP MEDIUM
Totolink A6000r Firmware - OS Command Injection
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVSS 6.8
CVE-2024-41316 WRITEUP CRITICAL
Totolink A6000r Firmware - Command Injection
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS 9.8
CVE-2024-41317 WRITEUP HIGH
Totolink A6000r Firmware - OS Command Injection
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVSS 8.0
CVE-2024-41318 WRITEUP CRITICAL
Totolink A6000r Firmware - Command Injection
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS 9.8
CVE-2024-41320 WRITEUP HIGH
Totolink A6000r Firmware - Command Injection
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
CVSS 8.8
CVE-2024-57211 WRITEUP HIGH
Totolink A6000r Firmware - Command Injection
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
CVSS 8.0
CVE-2024-57212 WRITEUP MEDIUM
Totolink A6000r Firmware - Command Injection
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.
CVSS 5.1
CVE-2024-57213 WRITEUP MEDIUM
Totolink A6000r Firmware - Command Injection
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.
CVSS 6.3
CVE-2024-57222 WRITEUP MEDIUM
Linksys E7350 Firmware - Command Injection
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS 6.3
CVE-2024-57223 WRITEUP CRITICAL
Linksys E7350 Firmware - Command Injection
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS 9.8
CVE-2024-57224 WRITEUP CRITICAL
Linksys E7350 Firmware - Command Injection
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVSS 9.8
CVE-2024-57225 WRITEUP CRITICAL
Linksys E7350 Firmware - Command Injection
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVSS 9.8
CVE-2024-57226 WRITEUP HIGH
Linksys E7350 Firmware - Command Injection
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
CVSS 8.0
CVE-2024-57227 WRITEUP HIGH
Linksys E7350 Firmware - Command Injection
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVSS 8.0
CVE-2024-57228 WRITEUP HIGH
Linksys E7350 Firmware - Command Injection
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS 8.0
CVE-2024-57229 WRITEUP CRITICAL
Netgear Rax50 Firmware - Command Injection
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVSS 9.8
CVE-2024-57230 WRITEUP CRITICAL
Netgear Rax50 Firmware - Command Injection
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVSS 9.8
CVE-2024-57231 WRITEUP CRITICAL
Netgear Rax50 Firmware - Command Injection
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVSS 9.8
CVE-2024-57232 WRITEUP CRITICAL
Netgear Rax50 Firmware - Command Injection
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS 9.8
CVE-2024-57233 WRITEUP CRITICAL
Netgear Rax50 Firmware - Command Injection
NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS 9.8
CVE-2024-57234 WRITEUP CRITICAL
Netgear Rax50 Firmware - Command Injection
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS 9.8