11 matches found
PYSEC-2026-308 CraftBeerPi 4 allows arbitrary code execution
URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation allowing arbitrary code execution. This issue affects CraftBeerPi 4:...
The vulnerability of the /cgi-bin/DownloadLog file in the Web Management Interface component of the Tenda AC21 microprogramming router allows a hacker to gain unauthorized access to protected information.
The vulnerability of the /cgi-bin/DownloadLog file of the Web Management Interface component of the Tenda AC21 microprogramming system for routers is related to errors in information processing. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access t...
CVE-2026-2147
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made...
CVE-2026-2147
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made...
EUVD-2026-5802
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made...
CVE-2026-2147
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made...
CVE-2026-2147 Tenda AC21 Web Management DownloadLog information disclosure
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made...
CVE-2026-2147
CVE-2026-2147 affects Tenda AC21 16.03.08.16. The weakness is in the Web Management Interface, specifically the file /cgi-bin/DownloadLog, where manipulation can lead to information disclosure. The issue is exploitable remotely and exploitation is publicly available. Affected component, root caus...
Tenda AC21 访问控制错误漏洞
Tenda AC21 is a wireless router produced by the Chinese company Tenda. The Tenda AC21 version 16.03.08.16 has a vulnerability related to access control. This vulnerability stems from incorrect handling of the /cgi-bin/DownloadLog file, which may lead to information leakage...
PT-2026-6974
Name of the Vulnerable Software and Affected Versions Tenda AC21 version 16.03.08.16 Description A weakness exists in the Tenda AC21 device. This issue affects an unknown function within the Web Management Interface component, specifically related to the file /cgi-bin/DownloadLog. A manipulation ...
PT-2024-28526
Name of the Vulnerable Software and Affected Versions CraftBeerPi 4 versions 4.0.0.58 through 4.4.1.a1 Description The issue arises from the URL GET parameter logtime being utilized within the "downloadlog" function from "cbpi/http endpoints/http system.py". This parameter is subsequently passed ...