Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2024
CVE-2024-42736
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
7.8
EPSS Score
0.022
Published
2024-08-13
CVE-2024-42737
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.204
Published
2024-08-13
CVE-2024-42738
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.164
Published
2024-08-13
CVE-2024-42739
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.128
Published
2024-08-13
CVE-2024-41623
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload
CVSS Score
9.8
EPSS Score
0.004
Published
2024-08-13
CVE-2024-5849
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.
CVSS Score
7.1
EPSS Score
0.003
Published
2024-08-13
CVE-2024-38501
An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-13
CVE-2024-38502
An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.
CVSS Score
7.1
EPSS Score
0.003
Published
2024-08-13
CVE-2024-3913
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-08-13
CVE-2024-43153
Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved