Security Vulnerabilities - CVEs Published In November 2023
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-11-29
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-11-29
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-11-29
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-11-29
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-11-29
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-11-29
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-11-29
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.
CVSS Score: 9.8 | EPSS Score: 0.034 | Published: 2023-11-29
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.
CVSS Score: 9.1 | EPSS Score: 0.006 | Published: 2023-11-29
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-11-29

