Author: Angelo Barbosa

CVE-2023-49431 | Tenda AX9 22.03.01.46 /goform/SetOnlineDevName mac command injection

A vulnerability, which was classified as critical, has been found in Tenda AX9 22.03.01.46. Affected by this issue is some unknown functionality of the file /goform/SetOnlineDevName. The manipulation of the argument mac leads to command injection. This vulnerability is handled as CVE-2023-49431. The attack can only be done within the local network. There is no exploit...


CVE-2023-49955 | Dalmann OCPP.Core up to 1.1.x Open Charge Point Protocol chargePointVendor denial of service (Issue 32)

A vulnerability was found in Dalmann OCPP.Core up to 1.1.x and classified as problematic. This issue affects some unknown processing of the component Open Charge Point Protocol. The manipulation of the argument chargePointVendor leads to denial of service. The identification of this vulnerability is CVE-2023-49955. The attack needs to be approached within the local network. There is no exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to upgrade the affected...


CVE-2023-6581 | D-Link DAR-7000 up to 20231126 /user/inc/workidajax.php id sql injection

A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to SQL injection. This vulnerability was named CVE-2023-6581. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...
