CVE-2022-42161 The COVR 1200, 1202, 1203 v1.08 was found to have a command injection vulnerability in the SetTriggerWPS/PIN parameter.
The command injection can be exploited by issuing a request to set a custom WPS pin. An attacker can exploit the command injection to change
CVE-2022-41482 A buffer overflow was found in the Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01.
An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function. It is advised to update Tenda AC1200 US_AC6V2.
CVE-2022-41489 - CSRF Vulnerability in WAYOS LQ_09 22.03.17V Usb_upload.htm Explained
Disclosure Date: October 2022
Vulnerability Type: Cross-Site Request Forgery (CSRF)
Affected Product: WAYOS LQ_09, Firmware Version 22.03.17V
Component: Usb_upload.htm
Introduction
CVE-2022-34020 The ResIOT IOT Platform and LoRaWAN Network Server has a CSRF vulnerability that can be used to add new admin users. This vulnerability could also have other impacts.
This vulnerability allows remote attackers to add new admin users to the platform, or to cause other unspecified impacts, by sending a CSRF request to the application.
CVE-2018-18447 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
These issues could result in remote code execution. To verify your application's resistance to these issues, you can run it through an automated