Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web management portal vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2019-3606
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GU...
Mcafee Network Security Manager
4
CVSSv2
CVE-2019-10710
Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated malicious users to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, L...
Hisilicon Hi3510 Firmware -
6.8
CVSSv2
CVE-2020-27692
The Relish (Verve Connect) VH510 device with firmware prior to 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely)...
Imomobile Verve Connect Vh510 Firmware
5
CVSSv2
CVE-2018-3948
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either ...
Tp-link Tl-r600vpn Firmware 1.3.0
Tp-link Tl-r600vpn Firmware 1.2.3
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
9.3
CVSSv2
CVE-2021-38480
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an malicious user to remotely perform actions on the router’...
Inhandnetworks Ir615 Firmware 2.3.0.r4724
Inhandnetworks Ir615 Firmware 2.3.0.r4870
9.3
CVSSv2
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1152 Github repositories
28 Articles
4
CVSSv2
CVE-2020-4079
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which t...
Combodo Itop
Combodo Itop 2.7.3
NA
CVE-2023-23313
Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4...
Draytek Vigor2860 Firmware
Draytek Vigor2860n Firmware
Draytek Vigor2860n-plus Firmware
Draytek Vigor2860vn-plus Firmware
Draytek Vigor2860ac Firmware
Draytek Vigor2860vac Firmware
Draytek Vigor2860l Firmware
Draytek Vigor2860ln Firmware
Draytek Vigor2832 Firmware
Draytek Vigor2832n Firmware
Draytek Vigor2766 Firmware
Draytek Vigor2766ax Firmware
Draytek Vigor2766ac Firmware
Draytek Vigor2766vac Firmware
Draytek Vigor2765 Firmware
Draytek Vigor2765ax Firmware
Draytek Vigor2765ac Firmware
Draytek Vigor2765va Firmware
Draytek Vigor2763 Firmware
Draytek Vigor2763ac Firmware
Draytek Vigor2762 Firmware
Draytek Vigor2762n Firmware
10
CVSSv2
CVE-2017-17411
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper v...
Linksys Wvbr0 Firmware
2 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »