
Overview

  • ASUS
  • Router

Published: 25 Nov 2025
Updated: 25 Nov 2025

CVSS v4.0: HIGH (8.2)
EPSS: 0.20%

KEV

Description

A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Multiple vulnerabilities in ASUS routers. Of 8 in total, 1 is critical. Please update. 'CVE-2025-59366', 'CVE-2025-12003', and others | ニッチなPCゲーマーの環境構築Z https://www.nichepcgamer.com/archives/asus-routers-multiple-vulnerabilities-cve-2025-59366-etc.html
  • 4h ago

Overview

  • Pending

Published: 28 Aug 2022
Updated: 06 Jan 2025

CVSS: Pending
EPSS: 37.41%

KEV

Description

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 23h ago

Overview

  • D-Link
  • DNS-320

Published: 06 Nov 2024
Updated: 06 Nov 2024

CVSS v4.0: CRITICAL (9.2)
EPSS: 92.70%

KEV

Description

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 23 hours ago


Overview

  • TBK
  • DVR-4104

Published: 13 Apr 2024
Updated: 01 Aug 2024

CVSS v3.1: MEDIUM (6.3)
EPSS: 83.57%

KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

  • 1 Post

Last activity: 23 hours ago


Overview

  • Pending

Published: 02 Dec 2024
Updated: 17 Dec 2024

CVSS: Pending
EPSS: 21.63%

KEV

Description

An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionality.

Statistics

  • 1 Post

Last activity: 23 hours ago


Overview

  • Pending

Published: 14 Aug 2009
Updated: 07 Aug 2024

CVSS: Pending
EPSS: 92.26%

KEV

Description

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.

Statistics

  • 1 Post

Last activity: 23 hours ago


Overview

  • D-Link
  • DNS-320

Published: 06 Nov 2024
Updated: 24 Nov 2024

CVSS v4.0: CRITICAL (9.2)
EPSS: 93.12%

KEV

Description

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 23 hours ago


Overview

  • Pending

Published: 02 Feb 2021
Updated: 21 Oct 2025

CVSS: Pending
EPSS: 93.55%

Description

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.

Statistics

  • 1 Post

Last activity: 23 hours ago


Overview

  • Pending

Published: 03 Feb 2025
Updated: 05 Feb 2025

CVSS: Pending
EPSS: 0.15%

KEV

Description

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 23 hours ago
