Exploit Database

145,370 exploits tracked across all sources.

CVE-2024-53944 WRITEUP CRITICAL
Tuoshi/Dionlink LT15D/LT21B - Command Injection
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. An unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq endpoint fails to sanitize shell metacharacters sent via JSON parameters, thus allowing attackers to execute arbitrary OS commands with root privileges.
CVSS 9.8
CVE-2024-53943 WRITEUP MEDIUM
NRadio N8-180 NROS-1.9.2.n3.c5 - XSS
An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID field. If an administrator logs into the device, the injected script runs in their browser, executing the malicious payload.
CVSS 6.1
CVE-2024-53942 WRITEUP MEDIUM
NRadio N8-180 NROS-1.9.2.n3.c5 - Command Injection
An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input.
CVSS 4.8
CVE-2024-53941 WRITEUP HIGH
Victure RX1800 WiFi 6 Router EN_1.0.0_r12_110933 - Info Disclosure
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID.
CVSS 8.8
CVE-2024-53939 WRITEUP HIGH
Victure RX1800 WiFi 6 Router - Command Injection
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on the device (with root-level permissions) via crafted input.
CVSS 8.8
CVE-2024-53938 WRITEUP HIGH
Victure RX1800 WiFi 6 Router - Info Disclosure
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication.
CVSS 8.8
CVE-2024-53937 WRITEUP HIGH
Victure RX1800 WiFi 6 Router EN_V1.0.0_r12_110933 - RCE
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. This allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.)
CVSS 8.8
CVE-2024-45242 WRITEUP HIGH
EnGenius ENH1350EXT - Command Injection
EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions.
CVSS 7.8
CVE-2024-39345 WRITEUP HIGH
AdTran SDG SmartOS < 12.1.3.1 - Unauthenticated Remote Code Execution via Hardcoded Support Account
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in the final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1.
CVSS 7.2
CVE-2024-31977 WRITEUP HIGH
Adtran 834-5 <11.1.0.101 - Command Injection
Adtran 834-5 11.1.0.101-202106231430 devices (fixed as of SmartOS Version 12.6.3.1) allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility.
CVSS 8.8
CVE-2024-31976 WRITEUP HIGH
EnGenius EWS356-FIR <=1.1.30 - Controller Parameter OS Command Injection
EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.
CVSS 8.0
CVE-2024-31971 WRITEUP MEDIUM
AdTran NetVanta 3120 Firmware 18.01.01.00.E - Stored Cross-Site Scripting
Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html.
CVSS 4.8
CVE-2024-31970 WRITEUP HIGH
AdTran SRG 834-5 HDC17600021F1 - Privilege Escalation
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands. NOTE: The vendor has disputed this, finding the report not applicable. According to AdTran, SSH has never been accessible (from WAN) on SmartOS official builds. Furthermore, the vendor adds that test build 11.1.0.101-202106231430 was never released to end users.
CVSS 8.8
CVE-2024-28093 WRITEUP HIGH
AdTran NetVanta 3120 - Info Disclosure
The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.
CVSS 8.8
CVE-2024-28089 WRITEUP MEDIUM
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 - Stored Cross-Site Scripting in Device Location Page
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure.
CVSS 5.2
CVE-2024-25729 WRITEUP HIGH
Arris SBG6580 - Weak Password Requirements via Predictable WPA2 Default Credentials
Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.)
CVSS 8.8
CVE-2023-49003 WRITEUP MEDIUM
Simple Mobile Tools Simple Dialer <5.18.1 - Auth Bypass
An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.
CVSS 5.3
CVE-2023-49002 WRITEUP HIGH
Xenom Technologies Phone Dialer-voice Call Dialer - Access Restriction Bypass
An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity.
CVSS 7.5
CVE-2023-42471 WRITEUP CRITICAL
wave.ai.browser < 1.0.35 - Remote Code Execution via Crafted Intent
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions).
CVSS 9.8
CVE-2023-42470 WRITEUP CRITICAL
Imou Life < 6.8.0 - Remote Code Execution via Exported MainActivity Component
The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.
CVSS 9.8
CVE-2023-42469 WRITEUP LOW
full_dialer <= 1.0.1 - Unauthenticated Phone Call Placement via Crafted Intent
The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.
CVSS 3.3
CVE-2023-42468 WRITEUP MEDIUM
color_phone <= 2.1.8-2 - Unauthenticated Phone Call Initiation via Exported DialerActivity Component
The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.
CVSS 5.3
CVE-2023-36351 WRITEUP HIGH
Viatom Health ViHealth <2.74.58 - RCE
An issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to execute arbitrary code via the com.viatom.baselib.mvvm.webWebViewActivity component.
CVSS 7.8