News aggregator

CVE-2018-17023

National Vulnerability Database - Thu, 09/13/2018 - 15:29
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
Categories: Security News

CVE-2018-17010

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth.
Categories: Security News

CVE-2018-17011

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun.
Categories: Security News

CVE-2018-17012

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit.
Categories: Security News

CVE-2018-17013

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate.
Categories: Security News

CVE-2018-17014

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name.
Categories: Security News

CVE-2018-17015

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username.
Categories: Security News

CVE-2018-17016

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name.
Categories: Security News

CVE-2018-17017

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable.
Categories: Security News

CVE-2018-17018

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name.
Categories: Security News

CVE-2018-17004

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name.
Categories: Security News

CVE-2018-17005

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable.
Categories: Security News

CVE-2018-17006

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2.
Categories: Security News

CVE-2018-17007

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid.
Categories: Security News

CVE-2018-17008

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power.
Categories: Security News

CVE-2018-17009

National Vulnerability Database - Thu, 09/13/2018 - 14:29
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate.
Categories: Security News

CVE-2018-16999

National Vulnerability Database - Thu, 09/13/2018 - 12:29
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.
Categories: Security News

CVE-2018-17000

National Vulnerability Database - Thu, 09/13/2018 - 12:29
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
Categories: Security News

CVE-2018-16741

National Vulnerability Database - Thu, 09/13/2018 - 12:29
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
Categories: Security News

CVE-2018-16742

National Vulnerability Database - Thu, 09/13/2018 - 12:29
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.
Categories: Security News

Pages