Lucene search

142 matches found

EUVD
added 2026/05/08 3:31 p.m. | 7 views

EUVD-2022-55966

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVSS 9.2 | AI score 6.6 | EPSS 0.00213
Exploits: 0 | References: 4

NVD
added 2026/05/08 1:16 p.m. | 7 views

CVE-2022-50994

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVSS 9.2 | EPSS 0.00213
Exploits: 0 | References: 3

CVE
added 2026/05/08 12:35 p.m. | 26 views

CVE-2022-50994

The affected product is DrayTek Vigor 2960 with firmware versions prior to 1.5.1.4. The vulnerability is an OS command injection in the CGI login handler, exploitable by an unauthenticated remote attacker who injects shell metacharacters into the formpassword parameter; the input reaches the otp_...

CVSS 9.2 | AI score 6.6 | EPSS 0.00213
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/08 12:35 p.m. | 6 views

CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVSS 9.2 | AI score 6.6 | EPSS 0.00213
Exploits: 0 | References: 3

Cvelist
added 2026/05/08 12:35 p.m. | 23 views

CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVSS 9.2 | EPSS 0.00213
Exploits: 0 | References: 3

CNNVD
added 2026/05/08 12:00 a.m. | 4 views

DrayTek Vigor 2960 OS Command Injection Vulnerability

The DrayTek Vigor 2960 is a router product developed by DrayTek Corporation. Versions prior to 1.5.1.4 of the DrayTek Vigor 2960 contained an operating system command injection vulnerability. This vulnerability stemmed from issues with OS command injection in the CGI login processing mechanism. I...

CVSS 9.2 | AI score 6.4 | EPSS 0.00213
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/08 12:00 a.m. | 14 views

PT-2026-38912

Name of the Vulnerable Software and Affected Versions DrayTek Vigor 2960 versions prior to 1.5.1.4 Description An OS command injection issue exists in the CGI login handler. Unauthenticated remote attackers can execute arbitrary commands with web server privileges by injecting shell metacharacter...

CVSS 9.2 | AI score 6.1 | EPSS 0.00213
Exploits: 0 | References: 5

Circl
added 2026/02/22 7:34 a.m. | 4 views

CVE-2026-2960

creationtimestamp | type | source
---|---|---
2026-02-22 07:34:36+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116113124611885174
2026-02-23 01:18:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfiialliz52h
2026-02-23 07:30:29+00:00 | seen | ...

CVSS 9 | AI score 8.2 | EPSS 0.00018
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/09 12:00 a.m. | 3 views

PT-2026-21453

Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A flaw exists in the D-Link DWR-M960 router firmware. The issue is located in the sub 468D64 function within the /boafrm/formDhcpv6s module. Manipulation of the submit-url argument can lead to a...

CVSS 9 | AI score 7.6 | EPSS 0.00018
Exploits: 1 | References: 17

RedhatCVE
added 2026/01/07 9:14 a.m. | 6 views

CVE-2024-2960

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the deletePricingTable function. This makes it possible for unauthenticated attackers to delete pricing tabl...

CVSS 4.3 | AI score 6.4 | EPSS 0.00112
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-24502

Malware in sbrugna...

CVSS 4.7 | AI score 4.9 | EPSS 0.0007
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-2960

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.8 | EPSS 0.00112
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 2:58 a.m. | 3 views

CVE-2023-1162

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injectio...

CVSS 8.8 | AI score 7.8 | EPSS 0.24315
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:32 a.m. | 3 views

CVE-2023-1163

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option...

CVSS 6.5 | AI score 7.4 | EPSS 0.00893
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:50 a.m. | 6 views

CVE-2011-2960

Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted URL...

CVSS 10 | AI score 8.4 | EPSS 0.31404
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/01 9:40 p.m. | 12 views

CVE-2025-2960

A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is...

CVSS 7.1 | AI score 7 | EPSS 0.00275
Exploits: 1 | References: 1

Circl
added 2025/03/30 9:30 p.m. | 1 view

CVE-2025-2960

creationtimestamp | type | source
---|---|---
2025-03-30 21:30:16+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/9555
2025-03-31 00:00:36+00:00 | seen | Telegram/JCqGZnmqi4Q06s52iyJKn9bwHh6kd2GSSD3RMAB9rTxvSw
2025-03-31 00:47:02+00:00 | seen | https://t.me/cvedetector/21525...

CVSS 7.1 | AI score 6.2 | EPSS 0.00275
Exploits: 1 | References: 2

NVD
added 2025/03/30 9:15 p.m. | 9 views

CVE-2025-2960

A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is...

CVSS 7.1 | EPSS 0.00275
Exploits: 1 | References: 5

CVE
added 2025/03/30 9:00 p.m. | 62 views

CVE-2025-2960

The CVE-2025-2960 issue affects TRENDnet TEW-637AP and TEW-638APB (versions 1.2.7–1.3.0.106). Affects the HTTP Request Handler’s sub_41DED0 in /bin/goahead, causing a null pointer dereference when processing requests. Local-network access is required to exploit. Public disclosure of the exploit i...

CVSS 7.1 | AI score 6.9 | EPSS 0.00275
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/03/30 9:00 p.m. | 10 views

CVE-2025-2960 TRENDnet TEW-637AP/TEW-638APB HTTP Request goahead sub_41DED0 null pointer dereference

A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is...

CVSS 7.1 | EPSS 0.00275
Exploits: 1 | References: 5