115 matches found
EUVD-2026-39629
An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...
CVE-2026-57873
GeoVision GV-LPC2011 and GV-LPC2211 (V1.12 and earlier) are affected by CVE-2026-57873 due to an unauthenticated NULL pointer dereference in the IEEE8021x_upload.cgi handler. The root cause is improper validation of multipart upload headers when processing certificate-related upload fields, which...
EUVD-2026-31673
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...
CVE-2026-20199
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...
CVE-2026-20199
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...
PT-2026-42191
Name of the Vulnerable Software and Affected Versions Cisco ThousandEyes Virtual Appliance affected versions not specified Description Insufficient validation of user-supplied input in the SSL certificate handling allows an authenticated remote attacker with administrative credentials to execute...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary This impacts the BMC administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the BMC the become unavailable. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary This impacts the FSP administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the FSP the become unavailable. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
CVE-2026-6139 Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection
A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The...
Exploit for CVE-2026-3891
Pix for WooCommerce 📜 Description...
📄 ASUS Router Multi-Stage Command Injection
A multi‑stage command injection vulnerability allows an attacker to achieve remote command execution on a vulnerable ASUS router by abusing the SETROOTCERTIFICATE and APPLYAPP HTTP methods. In the first stage, a malicious shell script is uploaded to the target system disguised as a certificate fi...
CVE-2023-49257
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges...
CVE-2025-40935
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...
Siemens RUGGEDCOM ROS Improper Input Validation (CVE-2025-40935)
Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device. This plugin only works with Tenable.ot...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
EUVD-2025-201920
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...
CVE-2025-40935
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...
CVE-2025-40935
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...
CVE-2025-40935
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...
CVE-2025-40935
Summary: CVE-2025-40935 affects Siemens/RUGGEDCOM ROS/RMC8388 and related devices. The issue is an input validation error during the TLS certificate upload in the web service, which could allow an authenticated remote attacker to crash and reboot the device, causing a temporary Denial of Service....