CVE-2022-30105
Published 2022-05-18
Priority: P265 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.77% (84.5th percentile)
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belkin | n300_firmware | — | — |
| msrc | microsoft_visual_studio_2022_version_17.10 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.4 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.6 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.8 | — | — |
| msrc | net_8.0 | — | — |
| msrc | powershell_7.4 | — | — |
CVSS provenance
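| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 7.5 | HIGH | — |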
GHSA
GHSA-gfc4-5r33-fqmj: In Belkin N300 Firmware 1
ghsa_unreviewed·2022-05-19
CVE-2022-30105 [CRITICAL] CWE-78 GHSA-gfc4-5r33-fqmj: In Belkin N300 Firmware 1
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root.
Microsoft
.NET and Visual Studio Denial of Service Vulnerability
vendor_msrc·2024-07-09·CVSS 7.5
CVE-2024-30105 [HIGH] CWE-400 .NET and Visual Studio Denial of Service Vulnerability
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Reference: https://dotnet.microsoft.com/en-us/download/dotnet/8.0
Reference: https://support.microsoft.com/help/5041081
Remediation: Release Notes
Reference: https://github.com/PowerShell/Announcements/issues/64
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4
Reference: https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6
Reference: https://my.visualstudio.com/Downl
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.