113 matches found
EUVD-2026-31673
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...
CVE-2026-20199
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...
PT-2026-42191
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary: This impacts the BMC administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the BMC to become unavailable. Vulnerability Details: CVEID: CVE-2026-22796. DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary: This impacts the FSP administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the FSP to become unavailable. Vulnerability Details: CVEID: CVE-2026-22796. DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
CVE-2026-6139 Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection
A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The...
Exploit for CVE-2026-3891
Pix for WooCommerce 📜 Description...
📄 ASUS Router Multi-Stage Command Injection
A multi‑stage command injection vulnerability allows an attacker to achieve remote command execution on a vulnerable ASUS router by abusing the SETROOTCERTIFICATE and APPLYAPP HTTP methods. In the first stage, a malicious shell script is uploaded to the target system disguised as a certificate fi...
CVE-2023-49257
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges...
CVE-2025-40935
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...
Siemens RUGGEDCOM ROS Improper Input Validation (CVE-2025-40935)
Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device. This plugin only works with Tenable.ot...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
EUVD-2025-201920
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...
CVE-2025-40935
Summary: CVE-2025-40935 affects Siemens/RUGGEDCOM ROS/RMC8388 and related devices. The issue is an input validation error during the TLS certificate upload in the web service, which could allow an authenticated remote attacker to crash and reboot the device, causing a temporary Denial of Service....
PT-2025-49841
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...
EUVD-2017-16453
Malware in sbrugna...