CVE-2025-2094

CVE-2025-2094

Título es
CVE-2025-2094

Vie, 07/03/2025 – 22:15

Tipo
CWE-77

Gravedad v2.0
6.50

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-2094

Descripción en
A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

08/03/2025

07/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias


  • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2001%20setWiFiExtenderConfig-_apcliKey.md

  • https://vuldb.com/?ctiid_298952=

  • https://vuldb.com/?id_298952=

  • https://vuldb.com/?submit_515319=

  • https://www.totolink.net/

  • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2001%20setWiFiExtenderConfig-_apcliKey.md

    • Enviar en el boletín
    Off

    CVE-2025-2093

    CVE-2025-2093

    Título es
    CVE-2025-2093

    Vie, 07/03/2025 – 22:15

    Tipo
    CWE-640

    Gravedad v2.0
    2.10

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2025-2093

    Descripción en
    A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

    08/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:H/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    2.30

    Gravedad 4.0 txt
    LOW

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias


  • https://github.com/SECWG/cve/issues/4

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_298951=

  • https://vuldb.com/?id_298951=

  • https://vuldb.com/?submit_515207=

  • https://github.com/SECWG/cve/issues/4

    • Enviar en el boletín
    Off

    CVE-2025-27826

    CVE-2025-27826

    Título es
    CVE-2025-27826

    Vie, 07/03/2025 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27826

    Descripción en
    An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.

    07/03/2025

    07/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://backdropcms.org/security/backdrop-sa-core-2025-005

    • Enviar en el boletín
    Off

    CVE-2025-27825

    CVE-2025-27825

    Título es
    CVE-2025-27825

    Vie, 07/03/2025 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27825

    Descripción en
    An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.

    07/03/2025

    07/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://backdropcms.org/security/backdrop-sa-contrib-2025-004

    • Enviar en el boletín
    Off

    CVE-2025-27824

    CVE-2025-27824

    Título es
    CVE-2025-27824

    Vie, 07/03/2025 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27824

    Descripción en
    An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an iFrame field.

    07/03/2025

    07/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://backdropcms.org/security/backdrop-sa-contrib-2025-003

    • Enviar en el boletín
    Off

    CVE-2025-27823

    CVE-2025-27823

    Título es
    CVE-2025-27823

    Vie, 07/03/2025 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27823

    Descripción en
    An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Site Scripting (XSS) vulnerability. This is mitigated by the fact an attacker must be able to insert link () HTML elements containing data attributes into the page.

    07/03/2025

    07/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://backdropcms.org/security/backdrop-sa-contrib-2025-007

    • Enviar en el boletín
    Off

    CVE-2025-2096

    CVE-2025-2096

    Título es
    CVE-2025-2096

    Vie, 07/03/2025 – 22:15

    Tipo
    CWE-77

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2096

    Descripción en
    A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    08/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2004%20setRebootScheCfg-_mode.md

  • https://vuldb.com/?ctiid_298954=

  • https://vuldb.com/?id_298954=

  • https://vuldb.com/?submit_515322=

  • https://www.totolink.net/

  • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2004%20setRebootScheCfg-_mode.md

    • Enviar en el boletín
    Off

    CVE-2025-2095

    CVE-2025-2095

    Título es
    CVE-2025-2095

    Vie, 07/03/2025 – 22:15

    Tipo
    CWE-77

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2095

    Descripción en
    A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    08/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2003%20setDmzCfg-_ip.md

  • https://vuldb.com/?ctiid_298953=

  • https://vuldb.com/?id_298953=

  • https://vuldb.com/?submit_515321=

  • https://www.totolink.net/

  • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2003%20setDmzCfg-_ip.md

    • Enviar en el boletín
    Off

    CVE-2025-2097

    CVE-2025-2097

    Título es
    CVE-2025-2097

    Vie, 07/03/2025 – 23:15

    Tipo
    CWE-119

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2025-2097

    Descripción en
    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    08/03/2025

    08/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 4.0
    8.70

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias


  • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/Stack-based%20Buffer%20Overflow%2001%20setRptWizardCfg-_loginpass.md

  • https://vuldb.com/?ctiid_298955=

  • https://vuldb.com/?id_298955=

  • https://vuldb.com/?submit_515326=

  • https://www.totolink.net/

    • Enviar en el boletín
    Off

    CVE-2025-27839

    CVE-2025-27839

    Título es
    CVE-2025-27839

    Sáb, 08/03/2025 – 00:15

    Tipo
    CWE-1025

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27839

    Descripción en
    operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible.

    08/03/2025

    08/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias


  • https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07

  • https://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409

  • https://tangem.com/en/blog/post/app-update/

    • Enviar en el boletín
    Off