Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
goahead vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-41615
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 secti...
Embedthis Goahead 2.1.8
9.8
CVSSv3
CVE-2017-1000471
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
Embedthis Goahead 4.0.0
7.5
CVSSv3
CVE-2017-1000470
EmbedThis GoAhead Webserver versions 4.0.0 and previous versions is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.
Embedthis Goahead Web Server 4.0.0
7.5
CVSSv3
CVE-2018-15505
An issue exists in Embedthis GoAhead prior to 4.0.1 and Appweb prior to 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']...
Embedthis Appweb
Embedthis Goahead
Juniper Junos 15.1
Juniper Junos 16.1
Juniper Junos 12.3
Juniper Junos 15.1x53
Juniper Junos 12.3x48
Juniper Junos 15.1x49
Juniper Junos 16.2
Juniper Junos 17.2
Juniper Junos 17.1
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
7.5
CVSSv3
CVE-2018-15504
An issue exists in Embedthis GoAhead prior to 4.0.1 and Appweb prior to 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 1...
Embedthis Appweb
Embedthis Goahead
Juniper Junos 12.1x46
Juniper Junos 12.3x48
Juniper Junos 15.1x49
Juniper Junos 12.3
Juniper Junos 15.1
Juniper Junos 15.1x53
Juniper Junos 16.1
Juniper Junos 16.2
Juniper Junos 17.1
Juniper Junos 17.2
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
Juniper Junos 18.2
Juniper Junos 18.3
Juniper Junos 18.4
8.8
CVSSv3
CVE-2023-25649
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Zte Mf286r Firmware Cr Lvwrgbmf286rv1.0.0b04
9.8
CVSSv3
CVE-2019-15311
An issue exists on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple com...
Linkplay Linkplay -
8.8
CVSSv3
CVE-2021-43469
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.
Vinga Wr-n300u Firmware 77.102.1.4853
2 Github repositories
7.5
CVSSv3
CVE-2018-17880
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.
D-link Dir-823g Firmware -
9.8
CVSSv3
CVE-2018-17881
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.
D-link Dir-823g Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »