CVE-2023-41029

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint...

CVE-2022-28372

On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtcfwupgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file uplo...

PT-2022-19307 · Totolink · Totolink N600R

Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version V5.3c.7159 B20190425 Description: A command injection issue was discovered via the filename parameter in the "/setting/setUpgradeFW" API endpoint. This allows for potential exploitation. Recommendations: For TOTOLink...

PT-2020-10482 · D Link · D-Link Dwl-2600Ap

Name of the Vulnerable Software and Affected Versions: D-Link DWL-2600AP version 4.2.0.15 Rev A Description: The issue is an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface. This can be exploited by using shell metacharacters in the...

PT-2020-10063 · Intelbras · Intelbras Win 240

Name of the Vulnerable Software and Affected Versions: Intelbras WRN240 devices affected versions not specified Description: The issue allows replacement of the firmware without requiring authentication, via a POST request to the "incoming/Firmware.cfg" API endpoint. Recommendations: For Intelbra...