ZDI-24-808: (0Day) Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability | allinfosecnews.com

June 18, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-6145.

0day actiontec arbitrary code attackers authentication code code execution cookie cve cve-2024 cves cvss exploit format string network rating remote code remote code execution routers vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-883: Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability 3 days, 3 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +14

ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability 4 days, 3 hours ago | www.zerodayinitiative.com

attackers authentication cve cve-2024 +16

ZDI-24-840: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +25

ZDI-24-839: (Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +21

ZDI-24-838: (Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +23

ZDI-24-837: (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +24

ZDI-24-836: (Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication cameras +16

ZDI-24-835: (Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

attackers authentication cameras cvss +11

ZDI-24-834: (Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

attacker attackers cameras code +18

Ingénieur Développement Logiciel IoT H/F

@ Socomec Group | Benfeld, Grand Est, France

View on infosec-jobs.com

Architecte Cloud – Lyon

@ Sopra Steria | Limonest, France

View on infosec-jobs.com

Senior Risk Operations Analyst

@ Visa | Austin, TX, United States

View on infosec-jobs.com

Military Orders Writer

@ Advanced Technology Leaders, Inc. | Ft Eisenhower, GA, US

View on infosec-jobs.com

Senior Golang Software Developer (f/m/d)

@ E.ON | Essen, DE

View on infosec-jobs.com

Senior Revenue Operations Analyst (Redwood City)

@ Anomali | Redwood City, CA

View on infosec-jobs.com