Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-16 | CVE-2024-45695 | Out-of-bounds Write vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.8 |
| 2024-09-16 | CVE-2024-45696 | Hidden Functionality vulnerability in Dlink Covr-X1870 Firmware and Dir-X4860 Firmware Certain models of D-Link wireless routers contain hidden functionality. | 8.8 |
| 2024-09-16 | CVE-2024-45697 | Hidden Functionality vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. | 9.8 |
| 2024-09-16 | CVE-2024-45698 | Use of Hard-coded Credentials vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | 9.8 |
| 2024-09-16 | CVE-2024-45833 | Unspecified vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0 Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character.. | 6.5 |
| 2024-09-16 | CVE-2024-8776 | Cross-site Scripting vulnerability in Intumit Smartrobot Firmware 6.0.0202012Tw SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks. | 6.1 |
| 2024-09-16 | CVE-2024-8777 | Insufficiently Protected Credentials vulnerability in Syscomgo Omflow OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. | 7.5 |
| 2024-09-16 | CVE-2024-8778 | Path Traversal vulnerability in Syscomgo Omflow OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files. | 6.5 |
| 2024-09-16 | CVE-2024-8779 | Unspecified vulnerability in Syscomgo Omflow OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server. | 8.8 |
| 2024-09-16 | CVE-2024-8780 | Unspecified vulnerability in Syscomgo Omflow OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users. | 6.5 |