Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
goahead vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-25649
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Zte Mf286r Firmware Cr Lvwrgbmf286rv1.0.0b04
9.8
CVSSv3
CVE-2021-41615
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 secti...
Embedthis Goahead 2.1.8
9.8
CVSSv3
CVE-2021-43298
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webs...
Embedthis Goahead
8.8
CVSSv3
CVE-2021-43469
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.
Vinga Wr-n300u Firmware 77.102.1.4853
2 Github repositories
9.8
CVSSv3
CVE-2021-42342
An issue exists in GoAhead 4.x and 5.x prior to 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
Embedthis Goahead
5 Github repositories
6.2
CVSSv3
CVE-2020-19642
An issue exists in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card.
Insma Wifi Mini Spy 1080p Hd Security Ip Camera Firmware 1.9.7b
8.8
CVSSv3
CVE-2020-15688
The HTTP Digest Authentication in the GoAhead web server prior to 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote malicious user to bypass authentication via capture-replay if TLS is not used to protect the underlying communication ...
Embedthis Goahead
9.8
CVSSv3
CVE-2019-15311
An issue exists on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple com...
Linkplay Linkplay -
9.8
CVSSv3
CVE-2019-5096
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processi...
Embedthis Goahead 3.6.5
Embedthis Goahead 5.0.1
Embedthis Goahead 4.1.1
7.5
CVSSv3
CVE-2019-5097
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthen...
Embedthis Goahead 3.6.5
Embedthis Goahead 5.0.1
Embedthis Goahead 4.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »