This can potentially be exploited by malicious entities to gain access to critical system functions that require elevated privileges, such as installation of software or changing system settings.

The injection point is cgi-bin/platform.cgi, where an SQL injection allows arbitrary SQL commands to be injected.

DOUGv1 and DOUGv2 were found to have an SQL Injection vulnerability in cgi-bin/platform.cgi via USERDBDomains.Domainname.

The vulnerability can be exploited to inject SQL commands into the system, resulting in potential data manipulation.

CVE-2018-17894 - OpenVPN - Software - OpenVPN versions below 1.12 have been found to have a stack-based buffer overflow in the SSL/TLS handshake implementation. This could be exploited by malicious remote attackers to execute arbitrary code on the system with the privileges of the user running the OpenVPN process.

The vendor has acknowledged the issue and released a patch.

CVE-2018-18974 - DD-WRT - Software - DD-WRT versions v24-sp2.2 and below contain a buffer overflow vulnerability in the VPN server. This could be exploited by malicious remote

How to Deal With Vulnerable Network Devices

Vulnerable network devices are the most common cause of security breaches due to their prevalent use in enterprise networks. These devices include routers, switches, and firewalls that may not be updated with the latest security patches. The devices can be used for a variety of purposes, such as routing data traffic or providing access control to a corporate LAN.

Timeline

Published on: 05/13/2022 13:15:00 UTC
Last modified on: 05/24/2022 12:50:00 UTC

References