Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. This valid cookie can then be used to login as the targeted user. From there the Superset database is mounted, and credentials are pulled. A dashboard is then created. Lastly a pickled python payload can be set for that dashboard within Superset's database which will trigger the remote code execution. An attempt to clean up ALL of the dashboard key values and reset them to their previous values happens during the cleanup phase.

Apache Superset 2.0.0 Remote Code Execution

In an attempt to wrest control from raucous far-right hardliners amid the fight for a new House speaker, Republican Party leaders are instituting phone bans to keep backroom deals secret.

Last week, after helping foment the eight-person coup that ended Kevin McCarthy’s 269-day reign as speaker of the United States House of Representatives Matt Gaetz’s signature smirk was everywhere. The 41-year-old Florida congressman peacocked through a slew of must-see Beltway cable news shows, dancing on McCarthy’s political grave, and generally basking in the brilliance of his successful scheme—one he openly doubted would work just the night before it did.

This week, Gaetz shut up—or, more accurately, he was shut up.

It’s not just Gaetz. All week long, unidentified Republican Party puppet masters have muzzled House members, scrambling to portray unity in the face of the disarray emanating from today’s leaderless House GOP. This includes the rare step of confiscating Republican’s electronic devices in an attempt to prevent leaks in the midst of their secret meetings to pick McCarthy’s replacement.

“I don't know who keeps talking in real time, because that's what they're concerned about,” Chris Smith, a New Jersey Republican, tells WIRED.

Nothing seems to be going right for House Republicans. Just ask the party’s handpicked majority leader, Steve Scalise. To the surprise of most, on Thursday night, he bowed out of the speaker race just a day after the majority of the conference tapped him to replace McCarthy. Even after disconnecting members and stopping real-time leaks, a minority of the majority party scuttled Scalise in less than 48 hours. Despite the wishes of party leaders, this revolt isn’t leaving our screens anytime soon.

It’s impossible to mute contemporary lawmakers for very long. The more party leaders try, the more the Republican base erupts with accusations of secret side deals. Still, party leaders are scrambling to regain control—if only momentarily and only in the Capitol’s plethora of backrooms.

“They're a little either whiplashed or gun shy from the McCarthy stuff. Gaetz and others knew they could blow up the Congress, but they didn't know how to rebuild it,” David Jolly, a former Florida Republican congressman, tells WIRED. “And in the rebuilding phase, they're sensitive to some of the negative press and the negative impressions.”

Today’s members of Congress are beholden to their online followings, not some party leader. Even one picked by the overwhelming majority—some 96 percent, in McCarthy’s case—of their peers. Regaining control of the seemingly uncontrollable seems to, once again, be proving a fool’s errand.

“The power centers no longer go up through leadership,” Jolly says. “Go back as far as you want—20 years, 30 years, whatever—all power structures funneled through leadership. Now they're all these independent power structures that reward and stabilize members regardless of if they've been there a year or 30 years. In fact, in many ways, the people who have been there 30 years probably have less security than the ones that just got there.”

Stripping members of their electronic devices is punishment for leaks and Gaetz-style boasting. It's being lauded by many members annoyed that their internal party deliberations often make headlines before they even hit the exits. But it’s backfiring.

Republican Party deliberations are staying secret longer—mere minutes longer, really—but the digital time-out isn’t fostering party unity. Following one of the party’s daily secret meetings this week, Republicans announced that Louisiana congressman Steve Scalise would be their nominee for the new House speaker, beating out Ohio’s Jim Jordan. Now the real trouble begins. In the wake of McCarthy’s speakership—the third-shortest in US history—the Republican Party’s right flank is emboldened, empowered, and feeling more justified than ever in their self-righteous quest to rid Washington of what they view as the federal government’s biggest problems.

The far-right Freedom Caucus and its allies began the House speaker fight in January, demanding more transparency, like the ability to review bills 72 hours before voting. Just last week, as he was moving his motion to vacate the speaker, Gaetz accused McCarthy of making "secret side deals" with US president Joe Biden. It seems calls for transparency withered alongside McCarthy’s short-lived speakership. If anything, the party seems mostly unified in embracing a new level of secrecy.

Phoneless in Washington

It’s still unclear who is running things among House Republicans. WIRED reached out to a slew of Republican leaders—former speaker McCarthy, speaker pro tem Patrick McHenry, former speaker-designate Scalise, majority whip Tom Emmer, and GOP conference chair Elise Stefanik—asking who made the call to temporarily confiscate member’s phones this week. None responded.

With no one in charge, everyone’s in charge. Each member of Congress is coached to run their office like a business, with each serving as the CEO, CFO, and mascot. Who’s Cupid without a bow and arrow? Ask a phoneless politician.

“Oh, wow. Really?” John Larson, a Connecticut Democrat, says after WIRED informs him of his rowdy Republican neighbor’s new no-phone rule. “It goes to show you the level of trust in this place, huh?”

It’s not unheard of for lawmakers to be stripped of their devices. US senators had to check their phones and tablets when they sat as the jury for former US president Donald Trump’s two impeachments. They were also only allowed to drink water and milk (yeah, it’s a thing).

Lawmakers also turn over their personal and government-issued devices before heading into classified briefings, like the one House members had Wednesday morning on the Israel-Hamas war. Most of the time, like the rest of us, lawmakers’ fingers are all but one with their screens.

“One of the members said to me—I won’t say who she was—she goes, ‘I need my phone!’” Smith, the New Jersey lawmaker, says with a laugh. “It is a different world. For a while there, all of us went to our grandkids or kids to figure out how to use these things. Now we got it down, and we can't stop it!”

But stop they did. Many Republicans report that these deviceless—and largely staffless—meetings are a welcome change. “I think it does help. Looking over at your colleague, wondering if he's the one livestreaming it, it foments mistrust,” Thomase Massie, a Republican Kentuckian, tells WIRED. “I think you have more direct, but coarser, conversations if there aren’t witnesses in the room. You’re missing the good stuff!”

Still, Massie is attuned to the complaints from the base about secret meetings. “If we don't have some kind of public vote on the floor, or in conference, where everybody accounts for their own vote, I feel like they can claim this is a stolen election,” Massie says. “If you come out of a secret room, with a secret ballot, and say, ‘This is our choice. Take our word for it,’ I think a lot of people want to know how their congressmen voted, and they want them to prove it, either in a roll call here or on the floor.”

But confiscating rank-and-file Republicans’ devices didn’t heal the internet-fueled internal GOP rift barely hiding underneath the party’s near universal hatred of Joe Biden, love of tax cuts, and fear of Donald Trump. It merely paused the cage match again. And, as usual, some of McCarthy’s fiercest opponents are now the loudest critics of the clampdown on devices.

“It’s ridiculous, really,” Tim Burchett—the Tennessee Republican who partnered with Gaetz in orchestrating McCarthy’s demise—tells WIRED. “You know someone’s gonna walk out and tell it.”

If anything, the no-phone rule is only fueling the Republican Party’s new ranks of conspiracy-laden conservatives. Burchett doesn’t know who made the call—but he blames McCarthy anyway. “That’s part of his leadership team that’s in place still,” Burchett says. “It'll work for a little while, and then somebody will figure something out.”

That Escalated Quickly—and Is Far From Over

Burchett, Gaetz, Marjorie Taylor Greene, and their fellow GOP hardliners were leaders of the transparency pack ahead of McCarthy’s ouster. Problem is, the public is now locked out of their private feeding frenzy at the feet of the party’s next generation of potential power brokers.

Just as McCarthy did in January, Scalise hosted holdouts and opponents alike for private meetings. While Republicans were encouraged to personally air their concerns and demands alike to his face, something was different this time, at least according to former speaker-designate Scalise.

“No side deals,” Scalise told reporters huddled outside an impromptu Thursday afternoon GOP conference meeting. “Let’s have this in full view of everybody. No side deals. No secret meetings.”

Full view? Just no phones allowed. No side deals either? Just private one-on-one conversations with some of the most expensive—morally speaking, at the very least—votes to buy on Capitol Hill.

Just as McCarthy did in January, Scalise moved further right—or at least did all he could to placate holdouts. It seemed to be working, just as it did for McCarthy—until it didn’t.

The towel came flying in after just one day of private confabs with the farthest-flung rightward wing of today’s rightward-tilting GOP. Scalise flipped at least one vote, but at what cost? Freshman Anna Paulina Luna is a Floridian who was slingshotted into this 118th Congress via her previous perch as a so-called social media influencer. Scalise denies doling out promises, and Luna refuses to say how the majority leader won her trust and met her demand.

All we know is, Scalise flipped her from a no to a yes. And she left the private meeting satisfied, feeling confident he met each one of the three bright red lines she’s publicly drawn in the proverbial political sands: impeaching Biden, slapping his son Hunter Biden with a subpoena, and defunding special counsel Jack Smith, thus halting the two federal cases he’s spearheading against Trump.

"After talking to Representative Scalise, I feel very confident that he's going to allow me to aggressively pursue justice for this country and this nation," Luna told reporters after meeting with Scalise on Wednesday. "He will be aggressively allowing me to pursue and do my job."

That’s a lot of weighty demands for anyone to placate in one day. One down, but Scalise still had 106 or so to go. Many were adamantly unbudgeable, even if they did go through the formal motions of sitting down with Scalise. The de-phoning experiment failed to unite the GOP’s new ranks of partisans, so vulnerable members are now demanding party leaders try other out-of-the-box options.

“We have to have something that takes the personality and emotion out of it,” says Marc Molinaro, a freshman Republican from New York. “At the end of the day, in the conference, we have to have a deliberative effort to get from whatever number the top vote getter has to 217. That has to happen in a deliberative way. We didn't have that the last few days.”

Frustration turned to anger after McCarthy was pushed out. Now, after more than a week of the House being ground to a halt by the majority party, embarrassment is now transforming into desperation. Ineptitude is not a good look, which speaker pro tem Patrick McHenry understands. When WIRED asks if Molinaro’s got any new ideas to try next, the former government relations consultant’s mind darts to a recent closed-door conversation he had with McHenry.

“Patrick McHenry suggested we don't get food or water, and maybe that will help,” Molinaro tells WIRED. “That was a joke. I don't want people to think he's gonna starve us.”

Like good policy, all good humor is grounded in reality, no? The unanswered question—one hovering ominously over all US politics these days—is, do Republicans live in the same reality as, well, Republicans? MAGA’s now passé—a distinction without a difference, really. That is, unless centrist Republicans actually declare the difference. That’s a step too far for most tenets cramped in Trump’s new small-tent GOP. Scalise gets the distinction, but he stops short of defining the difference.

"There's some folks that really need to look in the mirror over the next couple of days and decide are we going to get back on track, or if they're going to pursue their own agenda," Scalise told reporters at the Capitol Thursday night. That’s the same tightrope McCarthy—who only was granted his recently retired gavel in the 15th bruising round of speaker votes back in January—teetered on throughout his tenuous nine-month tenure. It’s also much like the one Senate minority leader Mitch McConnell has delicately maneuvered around—or sidestepped—on the other side of the Capitol. Center-right Republicans seem to finally be standing up to minority rule of their majority.

“It shows a structural problem,” Michael Waltz, a third-term Floridia Republican, tells WIRED. “You have to, in a republic, be able to rule by majority vote, and when we have a structural problem that came out of January where we can't, then I think that's gotta be fixed.”

Scalise’s surrender seems to have dislodged something. Some Republicans say it’s time to call on the House parliamentarian—the chamber’s procedural brain trust—to see if there’s an obscure loophole they can use to bypass this latest Republican blockade of Republicans. “There’s suggestion of that, but I don't see consensus around that,” Waltz says, even as he says tweaking internal party rules is different than overhauling House rules. “We're gonna be addressing our rules.” For now, the majority of the GOP don’t dare tamper with House rules, in no small part because Trump’s base is enlivened, engaged, and digitally screaming at the party’s rank and file.

Thing is, all of this was inevitable. “We knew this. I felt this in November when we, sadly, won with such a slim majority,” Chuck Fleischmann, a seven-term Tennessean, tells WIRED. “You could feel the difficulties of that slim majority present at that time. It just came into fruition 10 months later.”

Inevitable sure; painful nonetheless. Scalise is affable, genuine, and beloved by many, especially as he currently battles cancer after surviving a mass shooting just six years ago.

“The mood is pensive. There was a little bit of surprise there,” Fleischmann says. “This is not going to be an easy process. We had an historic event last week—a first, the vacating of the chair—so moving forward in these uncharted waters, in these uncharted times, is going to be difficult with a very slim majority.”

Slim and divided. Moments after Scalise and his entourage of aides and suit-donning officers left the Capitol Thursday evening, his inglorious departure was already a distant memory to second-term Michelle Fischbach of Minnesota.

“I’m looking for my phone,” the flustered congresswoman fretted, rifling through the huge handbag she set on a bronze-rimmed trash can in the Capitol’s dingy basement. When asked if she was frustrated by how the day ended, with Scalise’s walk of shame before his political family and the press corps, Fischbach spoke up on behalf of the minority of the minority of the majority party, telling WIRED, “It’s more frustrating that I can’t find my phone.”

The frustration is palpable.

US House Republicans Had Their Phones Confiscated to Stop Leaks

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.

**Description**

Stored HTML Injection: A Hidden Web Threat. Learn how attackers exploit input fields to inject malicious code into web applications, jeopardizing user data and site integrity. Discover crucial prevention measures to safeguard against this insidious vulnerability.

#Step to reproduce

      1. Login to froxlor as admin
      2. Under the resource go to Hosting plans  and Add new plan  
      3. In the plan name field  add the HTML payload and save it  
      4. once after saving the plan we can see that  the payload is working 
    

**Proof of Concept**

    https://drive.google.com/file/d/1zAKGmVoxwmzXZbi6S4TZs9ZA3A7VhXxJ/view?usp=sharing
    
    

**Impact**

The impact of stored HTML injection can be severe and far-reaching, affecting both website owners and their users. Here are some of the key impacts:

Compromised User Data: Stored HTML injection allows attackers to access and manipulate sensitive user data stored in the application's database. This can include personal information, passwords, financial details, and other confidential data, leading to identity theft and fraud.

Malicious Code Execution: Attackers can inject harmful scripts into the web application, leading to the execution of arbitrary code on users' browsers. This can result in unauthorized actions, data theft, or the installation of malware on users' devices.

Loss of Trust: When users' data is compromised due to stored HTML injection, it erodes their trust in the website and the organization behind it. Loss of trust can lead to a decline in user engagement, decreased customer loyalty, and damage to the company's reputation.

Financial Loss: A successful attack can have financial repercussions, including costs associated with data breaches, legal liabilities, and the expenses of recovering and securing the compromised system.

Business Disruption: If a website is affected by stored HTML injection, it may become inaccessible or experience performance issues, leading to a disruption in services and potential loss of revenue.

Regulatory Compliance Issues: Depending on the nature of the compromised data, organizations may face legal consequences and regulatory penalties for failing to protect user information adequately.

Negative SEO Impact: A compromised website may be used to host malicious content, leading search engines to flag the site as unsafe, resulting in a negative impact on its search engine rankings.

Long-term Damage: The aftermath of a successful stored HTML injection attack can be long-lasting. Rebuilding user trust and restoring the website's reputation can be a time-consuming and challenging process

CVE-2023-4829: Stored HTML injection in froxlor

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.

Expand Up @@ -512,7 +512,7 @@ class="form-control js-password-input" class\="form-control" name\="v\_mysql\_url" id\="v\_mysql\_url" value\="<?= $\_SESSION\["DB\_PMA\_ALIAS"\] ?>" value\="<?= htmlentities($\_SESSION\["DB\_PMA\_ALIAS"\]); ?>" \> </div\> <div class\="u-mb10"\> Expand Down Expand Up @@ -618,7 +618,7 @@ class="form-control" <label for\="v\_pgsql\_url" class\="form-label"\> <?= \_("phpPgAdmin Alias") ?> </label\> <input type\="text" class\="form-control" name\="v\_pgsql\_url" id\="v\_pgsql\_url" value\="<?= $\_SESSION\["DB\_PGA\_ALIAS"\] ?>"\> <input type\="text" class\="form-control" name\="v\_pgsql\_url" id\="v\_pgsql\_url" value\="<?= htmlentities($\_SESSION\["DB\_PGA\_ALIAS"\]) ?>"\> </div\> <?php } ?> <?php if ($v\_pgsql == "yes") { Expand Down Expand Up @@ -727,7 +727,7 @@ class="u-ml5" class\="form-control" name\="v\_backup\_dir" id\="v\_backup\_dir" value\="<?= trim($v\_backup\_dir, "'") ?>" value\="<?= htmlentities(trim($v\_backup\_dir, "'")) ?>" disabled \> </div\> Expand Down Expand Up @@ -785,7 +785,7 @@ class="form-select" class\="form-control" name\="v\_backup\_host" id\="v\_backup\_host" value\="<?= trim($v\_backup\_host, "'") ?>" value\="<?= htmlentities(trim($v\_backup\_host, "'")) ?>" \> </div\> <div class\="u-mb20"\> Expand All @@ -797,7 +797,7 @@ class="form-control" class\="form-control" name\="v\_backup\_port" id\="v\_backup\_port" value\="<?= trim($v\_backup\_port, "'") ?>" value\="<?= htmlentities(trim($v\_backup\_port, "'")) ?>" \> </div\> <div class\="u-mb10"\> Expand All @@ -809,7 +809,7 @@ class="form-control" class\="form-control" name\="v\_backup\_username" id\="v\_backup\_username" value\="<?= trim($v\_backup\_username, "'") ?>" value\="<?= htmlentities(trim($v\_backup\_username, "'")) ?>" \> </div\> <div class\="u-mb20"\> Expand All @@ -822,7 +822,7 @@ class="form-control" class\="form-control js-password-input" name\="v\_backup\_password" id\="v\_backup\_password" value\="<?= trim($v\_backup\_password, "'") ?>" value\="<?= htmlentities(trim($v\_backup\_password, "'")) ?>" \> </div\> </div\> Expand All @@ -835,7 +835,7 @@ class="form-control js-password-input" class\="form-control" name\="v\_backup\_bpath" id\="v\_backup\_bpath" value\="<?= trim($v\_backup\_bpath, "'") ?>" value\="<?= htmlentities(trim($v\_backup\_bpath, "'")) ?>" \> </div\> </div\> Expand All @@ -849,7 +849,7 @@ class="form-control" class\="form-control" name\="v\_backup\_bucket" id\="v\_backup\_bucket" value\="<?= trim($v\_backup\_bucket, "'") ?>" value\="<?= htmlentities(trim($v\_backup\_bucket, "'")) ?>" \> </div\> <div class\="u-mb10"\> Expand All @@ -861,7 +861,7 @@ class="form-control" class\="form-control" name\="v\_backup\_application\_id" id\="v\_backup\_application\_id" value\="<?= trim($v\_backup\_application\_id, "'") ?>" value\="<?= htmlentities(trim($v\_backup\_application\_id, "'")) ?>" \> </div\> <div class\="u-mb10"\> Expand All @@ -873,7 +873,7 @@ class="form-control" class\="form-control" name\="v\_backup\_application\_key" id\="v\_backup\_application\_key" value\="<?= trim($v\_backup\_application\_key, "'") ?>" value\="<?= htmlentities(trim($v\_backup\_application\_key, "'")) ?>" \> </div\> </div\> Expand All @@ -887,7 +887,7 @@ class="form-control" class\="form-control" name\="v\_rclone\_host" id\="v\_rclone\_host" value\="<?= trim($v\_rclone\_host, "'") ?>" value\="<?= htmlentities(trim($v\_rclone\_host, "'")) ?>" \> </div\> <div class\="u-mb10"\> Expand All @@ -899,7 +899,7 @@ class="form-control" class\="form-control" name\="v\_rclone\_path" id\="v\_rclone\_path" value\="<?= trim($v\_rclone\_path, "'") ?>" value\="<?= htmlentities(trim($v\_rclone\_path, "'")) ?>" \> </div\> </div\> Expand Down Expand Up @@ -946,33 +946,33 @@ class="form-control u-min-height100 u-console" <ul class\="values-list"\> <li class\="values-list-item"\> <span class\="values-list-label"\><?= \_("Issued To") ?></span\> <span class\="values-list-value"\><?= $v\_ssl\_subject ?></span\> <span class\="values-list-value"\><?= htmlentities($v\_ssl\_subject) ?></span\> </li\> <?php if ($v\_ssl\_aliases) { ?> <li class\="values-list-item"\> <span class\="values-list-label"\><?= \_("Alternate") ?></span\> <span class\="values-list-value"\><?= $v\_ssl\_aliases ?></span\> <span class\="values-list-value"\><?= htmlentities($v\_ssl\_aliases) ?></span\> </li\> <?php } ?> <li class\="values-list-item"\> <span class\="values-list-label"\><?= \_("Not Before") ?></span\> <span class\="values-list-value"\><?= $v\_ssl\_not\_before ?></span\> <span class\="values-list-value"\><?= htmlentities($v\_ssl\_not\_before) ?></span\> </li\> <li class\="values-list-item"\> <span class\="values-list-label"\><?= \_("Not After") ?></span\> <span class\="values-list-value"\><?= $v\_ssl\_not\_after ?></span\> <span class\="values-list-value"\><?= htmlentities($v\_ssl\_not\_after) ?></span\> </li\> <li class\="values-list-item"\> <span class\="values-list-label"\><?= \_("Signature") ?></span\> <span class\="values-list-value"\><?= $v\_ssl\_signature ?></span\> <span class\="values-list-value"\><?= htmlentities($v\_ssl\_signature) ?></span\> </li\> <li class\="values-list-item"\> <span class\="values-list-label"\><?= \_("Key Size") ?></span\> <span class\="values-list-value"\><?= $v\_ssl\_pub\_key ?></span\> <span class\="values-list-value"\><?= htmlentities($v\_ssl\_pub\_key) ?></span\> </li\> <li class\="values-list-item"\> <span class\="values-list-label"\><?= \_("Issued By") ?></span\> <span class\="values-list-value"\><?= $v\_ssl\_issuer ?></span\> <span class\="values-list-value"\><?= htmlentities($v\_ssl\_issuer) ?></span\> </li\> </ul\> </div\> Expand Down

CVE-2023-4517: Security patch for XSS in Edit server (#3946) · hestiacp/hestiacp@d30e3ed

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-45463: CVE/netis_N3/buffer overflow in hostname parameter leads to DOS.md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2023-45464: CVE/netis_N3/buffer overflow in servDomain parameter leads to DOS.md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2023-45468: CVE/netis_N3/buffer overflow in pingWdogIp parameter leads to DOS.md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.

CVE-2023-45465: CVE/netis_N3/blind command injection in ddnsDomainName parameter in Dynamic DNS setting.md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.

CVE-2023-45467: CVE/netis_N3/blind command injection in ntpServIP parameter in Time Settings .md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.

Tag

#git