Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2023-09-07 CVE-2023-39239 Use of Externally-Controlled Format String vulnerability in Asus products
A format string vulnerability has been identified in ASUS RT-AX56U V2’s General function API.
network
low complexity
asus CWE-134
7.2
2023-09-07 CVE-2023-39240 Use of Externally-Controlled Format String vulnerability in Asus products
A format string vulnerability has been identified in ASUS RT-AX56U V2’s iperf client function API.
network
low complexity
asus CWE-134
7.2
2023-09-04 CVE-2023-4746 Use of Externally-Controlled Format String vulnerability in Totolink N200Re-V5 Firmware 9.3.5U.6437B20230519
A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519.
network
low complexity
totolink CWE-134
8.8
2023-07-21 CVE-2023-35087 Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac86U Firmware and Rt-Ax56U V2 Firmware
A format string vulnerability has been identified in ASUS RT-AX56U V2 & RT-AC86U.
network
low complexity
asus CWE-134
critical
9.8
2023-07-21 CVE-2023-35086 Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac86U Firmware and Rt-Ax56U V2 Firmware
A format string vulnerability has been identified in ASUS RT-AX56U V2 & RT-AC86U.
network
low complexity
asus CWE-134
7.2
2023-07-17 CVE-2023-33011 Use of Externally-Controlled Format String vulnerability in Zyxel products
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.
low complexity
zyxel CWE-134
8.8
2023-06-13 CVE-2022-43953 Use of Externally-Controlled Format String vulnerability in Fortinet Fortios and Fortiproxy
A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows an attacker to execute unauthorized code or commands via specially crafted commands.
local
low complexity
fortinet CWE-134
7.8
2023-06-07 CVE-2023-2186 Use of Externally-Controlled Format String vulnerability in Trianglemicroworks Scada Data Gateway
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads. An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor.
network
low complexity
trianglemicroworks CWE-134
critical
9.8
2023-05-04 CVE-2023-21497 Use of Externally-Controlled Format String vulnerability in Samsung Android 13.0
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.
local
low complexity
samsung CWE-134
7.8
2023-05-01 CVE-2023-22923 Use of Externally-Controlled Format String vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0
A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device.
network
low complexity
zyxel CWE-134
6.5