42 matches found
CVE-2026-45158 OPNsense: Command Injection via Attacker-Controlled DHCP Config
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability i...
CVE-2026-45158
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability i...
Deciso OPNsense 参数注入漏洞
Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.8 had a parameter injection vulnerability. This vulnerability stemmed from uncleaned user input being passed into DHCP...
CVE-2026-1460
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...
CVE-2026-1460
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...
CVE-2026-1460
CVE-2026-1460 affects Zyxel DX3301-T0 and EX3301-T0 devices up to firmware 5.50(ABVY.7.1)C0. A post-authentication command-injection vulnerability exists in the DHCP configuration file’s DomainName parameter. An authenticated attacker with administrator privileges could execute OS commands on an ...
CVE-2026-1460
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...
CVE-2026-1460
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...
EUVD-2026-25970
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...
Zyxel DX3301-T0和Zyxel EX3301-T0 操作系统命令注入漏洞
Both the Zyxel DX3301-T0 and Zyxel EX3301-T0 are products of the Chinese company Zyxel. The Zyxel DX3301-T0 is a small wireless WiFi router. The Zyxel EX3301-T0 is a secure routing gateway. Both the Zyxel DX3301-T0 and Zyxel EX3301-T0, including versions 5.50ABVY.7.1C0 and earlier, have an...
CVE-2019-25411
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAYGREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript...
CVE-2019-25411
CVE-2019-25411 affects Comodo Dome Firewall 2.7.0 with a reflected cross-site scripting vulnerability in the DHCP configuration endpoint. The vulnerability is triggered by manipulating the GATEWAY_GREEN parameter and submitting POST requests, allowing an attacker to inject and execute arbitrary J...
PT-2026-20814
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScrip...
CVE-2018-19978
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker authenticated as simple user in the same network as the device to trigger remote code execution via a POST request ManufacturerName parameter...
EUVD-2018-0884
Malware in sbrugna...
EUVD-1999-1388
Malware in sbrugna...
EUVD-2020-22905
Malware in sbrugna...
EUVD-2006-5801
Malware in sbrugna...
CVE-2025-6302
CVE-2025-6302 affects TOTOLINK EX1200T (4.1.2cu.5232_B20210713). The vulnerable element is setStaticDhcpConfig in /cgi-bin/cstecgi.cgi, where manipulating the Comment argument causes a stack-based buffer overflow. The impact is remote exploitation with a disclosed exploit; several sources corrobo...
CVE-2020-35226
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command...