| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-21029 | Cri | 0.00 | 9.8 | 0.03 | Oct 30, 2019 | systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability… | ||
| CVE-2012-0694 | Cri | 0.72 | 9.8 | 0.67 | Oct 29, 2019 | SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. | ||
| CVE-2019-8287 | Cri | 0.65 | 9.8 | 0.19 | Oct 29, 2019 | TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. | ||
| CVE-2019-18624 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2019 | Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553,… | ||
| CVE-2019-18604 | Cri | 0.57 | 9.8 | 0.02 | Oct 29, 2019 | In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. | ||
| CVE-2019-15683 | Cri | 0.02 | 9.8 | 0.19 | Oct 29, 2019 | TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via… | ||
| CVE-2019-15679 | Cri | 0.65 | 9.8 | 0.13 | Oct 29, 2019 | TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. | ||
| CVE-2019-15678 | Cri | 0.65 | 9.8 | 0.13 | Oct 29, 2019 | TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity. | ||
| CVE-2019-10749 | Cri | 0.57 | 9.8 | 0.01 | Oct 29, 2019 | sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. | ||
| CVE-2019-10748 | Cri | 0.57 | 9.8 | 0.01 | Oct 29, 2019 | Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. | ||
| CVE-2019-10211 | Cri | 0.64 | 9.8 | 0.02 | Oct 29, 2019 | Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. | ||
| CVE-2012-1187 | Cri | 0.64 | 9.8 | 0.02 | Oct 29, 2019 | Bitlbee does not drop extra group privileges correctly in unix.c | ||
| CVE-2010-3375 | Cri | 0.64 | 9.8 | 0.02 | Oct 29, 2019 | qtparted has insecure library loading which may allow arbitrary code execution | ||
| CVE-2009-3887 | Cri | 0.64 | 9.8 | 0.03 | Oct 29, 2019 | ytnef has directory traversal | ||
| CVE-2019-18189 | Cri | 0.64 | 9.8 | 0.05 | Oct 28, 2019 | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not… | ||
| CVE-2019-17181 | Cri | 0.71 | 9.8 | 0.49 | Oct 28, 2019 | A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system. | ||
| CVE-2019-14450 | Cri | 0.65 | 9.8 | 0.10 | Oct 28, 2019 | A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external… | ||
| CVE-2019-16897 | — | Cri | 0.64 | 9.8 | 0.02 | Oct 28, 2019 | In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in… | |
| CVE-2010-4239 | Cri | 0.65 | 9.8 | 0.13 | Oct 28, 2019 | Tiki Wiki CMS Groupware 5.2 has Local File Inclusion | ||
| CVE-2009-4899 | Cri | 0.64 | 9.8 | 0.01 | Oct 28, 2019 | pixelpost 1.7.1 has SQL injection | ||
| CVE-2002-2444 | Cri | 0.57 | 9.8 | 0.02 | Oct 28, 2019 | Snoopy before 2.0.0 has a security hole in exec cURL | ||
| CVE-2019-14931 | Cri | 0.71 | 9.8 | 0.58 | Oct 28, 2019 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user… | ||
| CVE-2019-14930 | Cri | 0.64 | 9.8 | 0.02 | Oct 28, 2019 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the… | ||
| CVE-2019-14929 | Cri | 0.64 | 9.8 | 0.02 | Oct 28, 2019 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak… | ||
| CVE-2019-14926 | Cri | 0.64 | 9.8 | 0.02 | Oct 28, 2019 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial… | ||
| CVE-2019-16662 | Cri | 0.75 | 9.8 | 0.98 | Oct 28, 2019 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. | ||
| CVE-2017-14742 | Cri | 0.64 | 9.8 | 0.03 | Oct 25, 2019 | Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. | ||
| CVE-2019-5129 | Cri | 0.67 | 9.8 | 0.39 | Oct 25, 2019 | A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The… | ||
| CVE-2019-5128 | Cri | 0.66 | 9.8 | 0.30 | Oct 25, 2019 | A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The… | ||
| CVE-2019-5127 | Cri | 0.67 | 9.8 | 0.45 | Oct 25, 2019 | A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The… | ||
| CVE-2019-5114 | Cri | 0.64 | 9.9 | 0.01 | Oct 25, 2019 | An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,… | ||
| CVE-2019-13553 | Cri | 0.64 | 9.8 | 0.02 | Oct 25, 2019 | Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the… | ||
| CVE-2019-16265 | Cri | 0.64 | 9.8 | 0.02 | Oct 25, 2019 | CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. | ||
| CVE-2019-14451 | Cri | 0.64 | 9.8 | 0.04 | Oct 25, 2019 | RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer… | ||
| CVE-2013-4658 | Cri | 0.64 | 9.8 | 0.09 | Oct 25, 2019 | Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. | ||
| CVE-2019-8088 | Cri | 0.64 | 9.8 | 0.06 | Oct 25, 2019 | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2013-4857 | Cri | 0.64 | 9.8 | 0.02 | Oct 25, 2019 | D-Link DIR-865L has PHP File Inclusion in the router xml file. | ||
| CVE-2016-5202 | Cri | 0.59 | 9.1 | 0.01 | Oct 25, 2019 | browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase… | ||
| CVE-2016-2360 | Cri | 0.64 | 9.8 | 0.02 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | ||
| CVE-2016-2359 | Cri | 0.64 | 9.8 | 0.03 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | ||
| CVE-2016-2358 | Cri | 0.64 | 9.8 | 0.02 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | ||
| CVE-2016-2357 | Cri | 0.64 | 9.8 | 0.02 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | ||
| CVE-2016-2356 | Cri | 0.64 | 9.8 | 0.03 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. | ||
| CVE-2015-0270 | Cri | 0.57 | 9.8 | 0.01 | Oct 25, 2019 | Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. | ||
| CVE-2019-18418 | Cri | 0.67 | 9.8 | 0.04 | Oct 24, 2019 | clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. | ||
| CVE-2019-15929 | — | Cri | 0.64 | 9.8 | 0.02 | Oct 24, 2019 | In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. | |
| CVE-2019-18200 | Cri | 0.64 | 9.8 | 0.03 | Oct 24, 2019 | An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks. | ||
| CVE-2019-13653 | Cri | 0.64 | 9.8 | 0.02 | Oct 24, 2019 | TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5). | ||
| CVE-2019-13652 | Cri | 0.64 | 9.8 | 0.03 | Oct 24, 2019 | TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5). | ||
| CVE-2019-13651 | Cri | 0.64 | 9.8 | 0.03 | Oct 24, 2019 | TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5). |
- risk 0.00cvss 9.8epss 0.03
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability…
- risk 0.72cvss 9.8epss 0.67
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
- risk 0.65cvss 9.8epss 0.19
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
- risk 0.64cvss 9.8epss 0.01
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553,…
- risk 0.57cvss 9.8epss 0.02
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
- risk 0.02cvss 9.8epss 0.19
TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via…
- risk 0.65cvss 9.8epss 0.13
TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
- risk 0.65cvss 9.8epss 0.13
TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.
- risk 0.57cvss 9.8epss 0.01
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.
- risk 0.57cvss 9.8epss 0.01
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.
- risk 0.64cvss 9.8epss 0.02
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.
- risk 0.64cvss 9.8epss 0.02
Bitlbee does not drop extra group privileges correctly in unix.c
- risk 0.64cvss 9.8epss 0.02
qtparted has insecure library loading which may allow arbitrary code execution
- risk 0.64cvss 9.8epss 0.03
ytnef has directory traversal
- risk 0.64cvss 9.8epss 0.05
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not…
- risk 0.71cvss 9.8epss 0.49
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.
- risk 0.65cvss 9.8epss 0.10
A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external…
- risk 0.64cvss 9.8epss 0.02
In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in…
- risk 0.65cvss 9.8epss 0.13
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
- risk 0.64cvss 9.8epss 0.01
pixelpost 1.7.1 has SQL injection
- risk 0.57cvss 9.8epss 0.02
Snoopy before 2.0.0 has a security hole in exec cURL
- risk 0.71cvss 9.8epss 0.58
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial…
- risk 0.75cvss 9.8epss 0.98
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
- risk 0.64cvss 9.8epss 0.03
Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely.
- risk 0.67cvss 9.8epss 0.39
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The…
- risk 0.66cvss 9.8epss 0.30
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The…
- risk 0.67cvss 9.8epss 0.45
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The…
- risk 0.64cvss 9.9epss 0.01
An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,…
- risk 0.64cvss 9.8epss 0.02
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the…
- risk 0.64cvss 9.8epss 0.02
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.
- risk 0.64cvss 9.8epss 0.04
RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer…
- risk 0.64cvss 9.8epss 0.09
Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share.
- risk 0.64cvss 9.8epss 0.06
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
D-Link DIR-865L has PHP File Inclusion in the router xml file.
- risk 0.59cvss 9.1epss 0.01
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase…
- risk 0.64cvss 9.8epss 0.02
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
- risk 0.64cvss 9.8epss 0.03
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
- risk 0.64cvss 9.8epss 0.02
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.
- risk 0.64cvss 9.8epss 0.02
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.
- risk 0.64cvss 9.8epss 0.03
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.
- risk 0.57cvss 9.8epss 0.01
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
- risk 0.67cvss 9.8epss 0.04
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
- risk 0.64cvss 9.8epss 0.02
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks.
- risk 0.64cvss 9.8epss 0.02
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).
- risk 0.64cvss 9.8epss 0.03
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5).
- risk 0.64cvss 9.8epss 0.03
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5).