![]() ![]() ![]() Kirby's authentication endpoint did not limit the password length. The real-world impact of this vulnerability is limited, however we still recommend to update to one of the patch releases because they also fix more severe vulnerabilities. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Ī command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. The identifier VDB-252269 was assigned to this vulnerability. The exploit has been disclosed to the public and may be used. The manipulation of the argument command leads to stack-based buffer overflow. ![]() This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |