Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2024
CVE-2024-30590
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-28
CVE-2024-30591
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-28
CVE-2024-30592
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-03-28
CVE-2024-30606
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-03-28
CVE-2024-30607
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-03-28
CVE-2024-29200
Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0.
CVSS Score
6.8
EPSS Score
0.002
Published
2024-03-28
CVE-2024-29882
SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.
CVSS Score
7.2
EPSS Score
0.073
Published
2024-03-28
CVE-2024-29898
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.
CVSS Score
4.9
EPSS Score
0.002
Published
2024-03-28
CVE-2024-30583
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-03-28
CVE-2024-30594
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved