EUVD-2026-4962

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVE-2025-67089

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...

PT-2025-47592

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 2025 07 21 allows a remote attacker to execute arbitrary code via the /index.php component...

CVE-2025-60336

A NULL pointer dereference in the sub41773C function of TOTOLINK N600R v4.3.0cu.7866B20220506 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

CVE-2025-60959

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information...

CVE-2025-60960

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

EUVD-2025-32554

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts...

EUVD-2025-32572

Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information...

CVE-2025-60963

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

CVE-2025-60967

Cross Site Scripting XSS vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information...

CVE-2025-60962

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...

CVE-2025-60961

Cross Site Scripting XSS vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...

CVE-2025-60959

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information...

CVE-2025-60961

Cross Site Scripting XSS vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...

PT-2025-40929

Name of the Vulnerable Software and Affected Versions EndRun Technologies Sonoma D12 Network Time Server GPS version 4.00 Description An issue exists in EndRun Technologies Sonoma D12 Network Time Server GPS that allows attackers to execute arbitrary code, cause a denial of service, gain escalate...

CVE-2025-60961

EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware 4.00 (6010-0071-000) is affected by a Cross-Site Scripting (XSS) vulnerability. Attackers could exfiltrate sensitive information; other impacts are unspecified. The issue is documented across multiple sources (NVD, Red Hat, EU ENIS...

CVE-2025-60958

Cross Site Scripting XSS vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information...

CVE-2025-55590

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html...

TOTOLINK T10 安全漏洞

The TOTOLINK T10 is a wireless router manufactured by TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T10 version 4.1.8cu.5207. The vulnerability affects the setUpgradeFW function in the /cgi-bin/cstecgi.cgi file in the POST request processing component. A remote attacker could use...