CVE-2024-34204 |
Description: TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34203 |
Description: TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34202 |
Description: TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34201 |
Description: TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34200 |
Description: TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34199 |
Description: TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34196 |
Description: Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34193 |
Description: smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34191 |
Description: htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-34161 |
Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|