Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2024
CVE-2024-6788
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
CVSS Score
8.6
EPSS Score
0.045
Published
2024-08-13
CVE-2024-42740
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
6.8
EPSS Score
0.005
Published
2024-08-13
CVE-2024-42736
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
7.8
EPSS Score
0.01
Published
2024-08-13
CVE-2024-42737
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.07
Published
2024-08-13
CVE-2024-42738
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.054
Published
2024-08-13
CVE-2024-42739
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.054
Published
2024-08-13
CVE-2024-41623
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload
CVSS Score
9.8
EPSS Score
0.007
Published
2024-08-13
CVE-2024-5849
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.
CVSS Score
7.1
EPSS Score
0.006
Published
2024-08-13
CVE-2024-38501
An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-08-13
CVE-2024-38502
An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.
CVSS Score
7.1
EPSS Score
0.006
Published
2024-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved