Lafdrew

#8318of 53,624
33Total CVSS
Vulnerabilities · 4
Medium
2
Critical
2
PT-2025-31431
6.5
2025-07-30
Iptime · Iptime Nas Firmware · CVE-2025-50464
**Name of the Vulnerable Software and Affected Versions** iptime NAS firmware version 1.5.04 **Description** A buffer overflow exists in the `upload.cgi` module due to the unsafe use of the `strcpy` function. This function copies data from the `CONTENT TYPE` HTTP header into a fixed-size stack buffer (8 bytes) without sufficient bounds checking. The issue is exploitable before authentication. **Recommendations** Update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `upload.cgi` module to minimize the risk of exploitation.
PT-2025-29577
6.5
2025-07-15
NetGear · Netgear Xr300 · CVE-2025-52082
**Name of the Vulnerable Software and Affected Versions** Netgear XR300 version 1.0.3.38 10.3.30 **Description** A stack-based buffer overflow exists in the HTTPD service through the `usb device.cgi` endpoint. The issue occurs when processing POST requests containing the `read access` parameter. **Recommendations** Update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `usb device.cgi` endpoint.
PT-2025-22288
10
2025-04-20
Unknown · Fw-Wgs-804Hpt · CVE-2025-44884
**Name of the Vulnerable Software and Affected Versions** FW-WGS-804HPT version 1.305b241111 **Description** A stack overflow issue was discovered via the `web sys infoContact post` function. **Recommendations** For FW-WGS-804HPT version 1.305b241111, as a temporary workaround, consider disabling the `web sys infoContact post` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-22305
10
2025-04-18
Unknown · Fw-Wgs-804Hpt · CVE-2025-44896
**Name of the Vulnerable Software and Affected Versions** FW-WGS-804HPT version 1.305b241111 **Description** A stack overflow issue was discovered via the `bindEditMACName` parameter in the `web acl bindEdit post` function. **Recommendations** For FW-WGS-804HPT version 1.305b241111, consider restricting access to the `web acl bindEdit post` function to minimize the risk of exploitation. Avoid using the `bindEditMACName` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.