19 matches found
EUVD-2025-23640
Malicious code in bioql PyPI...
CVE-2025-43978
Jointelli 5G CPE 21H01 firmware JY21H01A3v1.36 devices allow blind OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=setWPSpin and /ubus/?flag=netAppStar1 and /ubus/?flag=setwificfgs. This allows an authenticated attacker to execute arbitrary OS commands with root...
PT-2025-31946
Name of the Vulnerable Software and Affected Versions Jointelli 5G CPE 21H01 firmware version 1.36 Description Jointelli 5G CPE 21H01 firmware version 1.36 contains a blind OS command injection issue. Multiple API endpoints are vulnerable, including /ubus/?flag=set WPS pin, /ubus/?flag=netAppStar...
CVE-2025-43978
Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 is affected by a blind OS command injection affecting multiple endpoints (including /ubus/?flag=set_WPS_pin, /ubus/?flag=netAppStar1, /ubus/?flag=set_wifi_cfgs). An authenticated attacker can execute arbitrary OS commands with root privileges by s...
CVE-2025-43978
Jointelli 5G CPE 21H01 firmware JY21H01A3v1.36 devices allow blind OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=setWPSpin and /ubus/?flag=netAppStar1 and /ubus/?flag=setwificfgs. This allows an authenticated attacker to execute arbitrary OS commands with root...
CVE-2025-43978
Jointelli 5G CPE 21H01 firmware JY21H01A3v1.36 devices allow blind OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=setWPSpin and /ubus/?flag=netAppStar1 and /ubus/?flag=setwificfgs. This allows an authenticated attacker to execute arbitrary OS commands with root...
CVE-2024-28729
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M1.34ME allows a local attacker to execute arbitrary code via a crafted request...
CVE-2024-48440
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...
CVE-2024-28729
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M1.34ME allows a local attacker to execute arbitrary code via a crafted request...
CVE-2024-28729
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M1.34ME allows a local attacker to execute arbitrary code via a crafted request...
CVE-2024-28726
CVE-2024-28726 affects D-Link DWR-2000M 5G CPE with WiFi 6 Ax1800 and D-Link DWR-2000M 1.34ME. A local attacker can execute arbitrary code by sending a crafted payload to the device’s Diagnostics function. Exploitation is described as local with low privileges required and no user interaction, po...
CVE-2024-28726
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function...
CVE-2024-28728
CVE-2024-28728 describes a Cross Site Scripting vulnerability in D-Link DWR-2000M 5G CPE with Wi-Fi 6 Ax1800 and D-Link DWR-2000M_1.34ME. The issue arises from handling of the WiFi SSID Name field, allowing a local attacker to obtain sensitive information via a crafted payload. Affected product/v...
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...
CVE-2024-48440
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...
CVE-2024-48440
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...
CVE-2024-48442
CVE-2024-48442 affects Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLIC, version 3.2.2543.12.18. Root cause is an incorrect access control that allows unauthenticated SSH access. Reported impact is confidentiality exposure via SSH without authentication; no...