Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-31309: CVE_Request/WAVLINK AC1200_check_live.md at main · pghuanghui/CVE_Request

A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.

CVE
#vulnerability#mac#auth

0x01 Vulnerability description

A vulnerability is in the ‘live_check.shtml’ page of the AERIAL X 1200M,Firmware package version M79X3.V5030.180719

Unauthorized users can obtain the key information of the router by visiting:

http://xxx.xxx.xxx.xxx/live_check.shtml

0x02 Affected version****0x03 Vulnerability

Under the live_check.shtml file, use the exec cmd function to execute the command

0x04 PoC verification

In the live_check.shtml interface, it contains various information of the router, such as: firmware version, MAC address, etc., and even information such as the running process of the router.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda