IoT Security Intelligence
CVE ID | Description | CVSS v3 Score | Date | Vendor | Action |
---|---|---|---|---|---|
CVE-2022-29383 | NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. | ---- | 2022-05-13 | Netgear | View details |
CVE-2022-23139 | ZTE's ZXMP M721 product has a permission and access control vulnerability. Because the folder permission viewed by sftp is 666, which is inconsistent with the actual permission, it is easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files. | ---- | 2022-05-12 | ZTE | View details |
CVE-2021-36614 | MikroTik RouterOS before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ---- | 2022-05-11 | MikroTik | View details |
CVE-2022-30040 | Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_, in /goform/setsystimecfg of /bin/tdhttpd in the ubif file system; attackers can access http://ip/goform/SetSysTimeCfg and, by setting the ntpserve parameter, cause a stack buffer overflow that results in a router denial of service. | ---- | 2022-05-11 | Tenda | View details |
CVE-2021-36613 | MikroTik RouterOS before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ---- | 2022-05-11 | MikroTik | View details |
CVE-2022-23137 | ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered. | ---- | 2022-05-11 | ZTE | View details |
CVE-2022-29326 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | ---- | 2022-05-10 | D-Link | View details |
CVE-2022-29324 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | ---- | 2022-05-10 | D-Link | View details |
CVE-2022-29327 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | ---- | 2022-05-10 | D-Link | View details |
CVE-2022-29329 | D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | ---- | 2022-05-10 | D-Link | View details |
CVE-2022-29591 | Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow. | ---- | 2022-05-10 | Tenda | View details |
CVE-2022-29325 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | ---- | 2022-05-10 | D-Link | View details |