CVE-2024-41622 : D-LINK DIR-846W A1 FW100A43 /HNAP1/ TOMOGRAPHY_PING_ADDRESS OS COMMAND INJECTION

Description

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface.

References

https://www.dlink.com/en/security-bulletin/

http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W

https://github.com/yali-1002/some-poc/blob/main/CVE-2024-41622

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-12728 : SOPHOS FIREWALL UP TO 20.0 MR2 SSH WEAK CREDENTIALS

CVE-2024-12728 : SOPHOS FIREWALL UP TO 20.0 MR2 SSH WEAK CREDENTIALS

Description A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3

CVE-2021-26102 : FORTINET FORTIWAN UP TO 4.4.1/4.5.7 POST REQUEST AUTHENTICATION BYPASS

CVE-2021-26102 : FORTINET FORTIWAN UP TO 4.4.1/4.5.7 POST REQUEST AUTHENTICATION BYPASS

Description A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote

CVE-2024-35141 : IBM SECURITY VERIFY ACCESS DOCKER UP TO 10.0.6 UNNECESSARY PRIVILEGES

CVE-2024-35141 : IBM SECURITY VERIFY ACCESS DOCKER UP TO 10.0.6 UNNECESSARY PRIVILEGES

Description IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to