CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-JJX5-R5W6-73PH
Vulnerability from github – Published: 2025-03-20 18:30 – Updated: 2025-03-20 18:30A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
{
"affected": [],
"aliases": [
"CVE-2025-2550"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-20T17:15:38Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-jjx5-r5w6-73ph",
"modified": "2025-03-20T18:30:31Z",
"published": "2025-03-20T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2550"
},
{
"type": "WEB",
"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDDNS-1b153a41781f80feb80bd24afc8f83d5?pvs=4"
},
{
"type": "WEB",
"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-618-formSetDDNS-1b053a41781f80659702da9a589e4f4a?pvs=4"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.300164"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.300164"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.516792"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JM43-HRQ7-R7W6
Vulnerability from github – Published: 2025-06-13 20:24 – Updated: 2026-04-14 18:26Impact
Pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability affects all version of XWiki since 8.2 and 7.4.5.
Patches
The patch consists in only setting the originalMetadataAuthor when performing such change, so that it's displayed in the history but it has no impact on the right evaluation (i.e. the original author of the changes is still used for right computation).
This patch has been applied on XWiki 16.4.7, 17.1.0RC1, 16.10.4.
Workarounds
There's no workaround for this vulnerability, except preventing to perform any refactoring operation with users having more than edit rights.
Administrators are strongly advised to upgrade. If not possible, the patch only impacts module xwiki-platform-refactoring-default so it's possible to apply the commit and rebuild and deploy only that module.
CVSS explanation
Attack vector: Network - Always for XWiki. Complexity: Low - The set of operations to perform the attack is quite easy. Attack requirements: None - Any system is vulnerable, it doesn't depend on specific condition other than user interaction. Privileges required: Low - The attacker only needs edit rights. User interaction: Active - To be successful the attack needs someone with more rights to perform a move/rename of a specific page. Confidentiality: High - The attack might lead to execution of any script. Integrity: High - The attack might lead to execution of any script. Availability: High - The attack might lead to execution of any script. Subsequent system impacts: None for any criteria. Only current system is affected.
For more information
If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-refactoring-default"
},
"ranges": [
{
"events": [
{
"introduced": "17.0.0-rc-1"
},
{
"fixed": "17.1.0-rc-1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-refactoring-default"
},
"ranges": [
{
"events": [
{
"introduced": "16.5.0-rc-1"
},
{
"fixed": "16.10.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-refactoring-default"
},
"ranges": [
{
"events": [
{
"introduced": "8.2"
},
{
"fixed": "16.4.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 8.0-milestone-1"
},
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-refactoring-default"
},
"ranges": [
{
"events": [
{
"introduced": "7.4.5"
},
{
"fixed": "16.4.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-49580"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-13T20:24:24Z",
"nvd_published_at": "2025-06-13T16:15:27Z",
"severity": "HIGH"
},
"details": "### Impact\n\nPages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. \nThis vulnerability affects all version of XWiki since 8.2 and 7.4.5.\n\n### Patches\n\nThe patch consists in only setting the `originalMetadataAuthor` when performing such change, so that it\u0027s displayed in the history but it has no impact on the right evaluation (i.e. the original author of the changes is still used for right computation). \n\nThis patch has been applied on XWiki 16.4.7, 17.1.0RC1, 16.10.4.\n\n### Workarounds\n\nThere\u0027s no workaround for this vulnerability, except preventing to perform any refactoring operation with users having more than edit rights. \nAdministrators are strongly advised to upgrade. If not possible, the patch only impacts module `xwiki-platform-refactoring-default` so it\u0027s possible to apply the commit and rebuild and deploy only that module.\n\n### CVSS explanation\n\nAttack vector: Network - Always for XWiki.\nComplexity: Low - The set of operations to perform the attack is quite easy.\nAttack requirements: None - Any system is vulnerable, it doesn\u0027t depend on specific condition other than user interaction.\nPrivileges required: Low - The attacker only needs edit rights.\nUser interaction: Active - To be successful the attack needs someone with more rights to perform a move/rename of a specific page.\nConfidentiality: High - The attack might lead to execution of any script.\nIntegrity: High - The attack might lead to execution of any script.\nAvailability: High - The attack might lead to execution of any script.\nSubsequent system impacts: None for any criteria. Only current system is affected.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
"id": "GHSA-jm43-hrq7-r7w6",
"modified": "2026-04-14T18:26:09Z",
"published": "2025-06-13T20:24:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jm43-hrq7-r7w6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49580"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/ab209acd780da69a4c5ff77ff011efd698273cec"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-22836"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "XWiki allows privilege escalation through link refactoring"
}
GHSA-JMC9-6MCV-32WV
Vulnerability from github – Published: 2022-05-24 17:11 – Updated: 2023-02-02 21:33A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
{
"affected": [],
"aliases": [
"CVE-2020-1705"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-19T16:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
"id": "GHSA-jmc9-6mcv-32wv",
"modified": "2023-02-02T21:33:40Z",
"published": "2022-05-24T17:11:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1705"
},
{
"type": "WEB",
"url": "https://access.redhat.com/articles/4859371"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2020:1278"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0866"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2020-1705"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793304"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1705"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JMMC-J836-R5V7
Vulnerability from github – Published: 2025-12-24 21:30 – Updated: 2025-12-24 21:30Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.
{
"affected": [],
"aliases": [
"CVE-2018-25148"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T20:15:49Z",
"severity": "HIGH"
},
"details": "Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.",
"id": "GHSA-jmmc-j836-r5v7",
"modified": "2025-12-24T21:30:32Z",
"published": "2025-12-24T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25148"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45038"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.php"
},
{
"type": "WEB",
"url": "http://www.microhardcorp.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JPF3-PMMR-RR7V
Vulnerability from github – Published: 2026-04-25 12:32 – Updated: 2026-04-25 12:32A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-6977"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-25T11:16:19Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-jpf3-pmmr-rr7v",
"modified": "2026-04-25T12:32:04Z",
"published": "2026-04-25T12:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6977"
},
{
"type": "WEB",
"url": "https://github.com/yidaozhongqing/York/issues/2"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/795331"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/359520"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/359520/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JPFG-XQCG-WG8P
Vulnerability from github – Published: 2026-02-07 09:32 – Updated: 2026-02-07 09:32A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component Permission Management. Performing a manipulation results in improper authorization. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-2078"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-07T08:15:51Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\PermissionController.java of the component Permission Management. Performing a manipulation results in improper authorization. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-jpfg-xqcg-wg8p",
"modified": "2026-02-07T09:32:03Z",
"published": "2026-02-07T09:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2078"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse/issues/55"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse/issues/55#issue-3846656775"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.344644"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.344644"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.745513"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JQ8X-V7JW-V675
Vulnerability from github – Published: 2025-06-06 15:30 – Updated: 2025-07-31 18:31Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references.
Original Description
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "users"
},
"ranges": [
{
"events": [
{
"introduced": "0.8.0"
},
{
"last_affected": "0.11.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-06T23:16:21Z",
"nvd_published_at": "2025-06-06T14:15:23Z",
"severity": "HIGH"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in the user\u0027s crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.",
"id": "GHSA-jq8x-v7jw-v675",
"modified": "2025-07-31T18:31:57Z",
"published": "2025-06-06T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5791"
},
{
"type": "WEB",
"url": "https://github.com/ogham/rust-users/issues/44"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:12359"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-5791"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370001"
},
{
"type": "WEB",
"url": "https://crates.io/crates/users"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2025-0040.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: users may append `root` to group listings",
"withdrawn": "2025-06-06T23:16:21Z"
}
GHSA-JRGQ-7F9R-3MM2
Vulnerability from github – Published: 2025-09-04 21:31 – Updated: 2025-09-05 18:31In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48526"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T19:15:38Z",
"severity": "MODERATE"
},
"details": "In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-jrgq-7f9r-3mm2",
"modified": "2025-09-05T18:31:19Z",
"published": "2025-09-04T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48526"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/923a5673ac9d4b366097a8912a04e40e85111ed4"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-09-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JV85-6MGR-3W99
Vulnerability from github – Published: 2026-02-26 00:31 – Updated: 2026-03-08 09:30A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.
{
"affected": [],
"aliases": [
"CVE-2026-3209"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-25T23:16:21Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.",
"id": "GHSA-jv85-6mgr-3w99",
"modified": "2026-03-08T09:30:20Z",
"published": "2026-02-26T00:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3209"
},
{
"type": "WEB",
"url": "https://github.com/fosrl/pangolin/pull/2511"
},
{
"type": "WEB",
"url": "https://github.com/fosrl/pangolin/commit/5e37c4e85fae68e756be5019a28ca903b161fdd5"
},
{
"type": "WEB",
"url": "https://gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7"
},
{
"type": "WEB",
"url": "https://github.com/fosrl/pangolin"
},
{
"type": "WEB",
"url": "https://github.com/fosrl/pangolin/releases/tag/1.15.4-s.4"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.347796"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.347796"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.765676"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.766215"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JVJW-3FF6-JFJH
Vulnerability from github – Published: 2025-04-16 06:31 – Updated: 2025-04-16 06:31A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-3667"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T05:15:32Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-jvjw-3ff6-jfjh",
"modified": "2025-04-16T06:31:02Z",
"published": "2025-04-16T06:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3667"
},
{
"type": "WEB",
"url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setUPnPCfg-1cb53a41781f802b8b16f973366ee5e3?pvs=4"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.304845"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.304845"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.551299"
},
{
"type": "WEB",
"url": "https://www.totolink.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.