29 matches found
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
PT-2026-34016
🚨CVE CVE-2026-38834 Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do ping action function via the hostName parameter. This vulnerability allow… https://t.co/tKrNtNWoPC ----- Translation: It was found that CV… https://t.co/utmtNgl3sv...
CVE-2026-34005
In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...
CVE-2026-34005
The CVE-2026-34005 entry affects Xiongmai/DVR–NVR devices (AHB7008T-MH-V2, NBD7024H-P) with firmware 4.03.R11. It enables root OS command injection via shell metacharacters in the HostName field of an authenticated DVRIP request (TCP 34567) to NetWork.NetCommon, because the system() function is i...
Smoothwall Express Cross-Site Scripting Vulnerability
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. The cross-site scripting vulnerability in Smoothwall Express stems from the hosts.cgi script's lack of effective filtering of user-supplied data in the IP, HOSTNAME or COMMENT parameters and...
PT-2026-8377
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payloa...
VulnCheck KEV: CVE-2025-7407
A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument hostname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
EUVD-2025-36514
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...
NETGEAR D6400 Security Vulnerability
The Netgear D6400 is a wireless modem from NETGEAR. A remote command execution vulnerability exists in the Netgear D6400, which can be exploited by an attacker to execute arbitrary commands on the system...
CVE-2024-25254
SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter...
PT-2024-9032 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR 823G version 1.0.2B05 Description: The issue is related to a command injection vulnerability via the HostName parameter in the SetWanSettings function. This allows attackers to execute arbitrary OS commands via a crafted request. T...
CVE-2024-7214
A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. T...
TOTOLINK A3700R Command Injection Vulnerability
TOTOLINK A3700R is a wireless router, launched by TOTOLINK China Gion Electronics, a Taiwan-based networking equipment manufacturer. The TOTOLINK A3700R suffers from a command injection vulnerability located in the /cgi-bin/cstecgi.cgi file, which stems from improper handling of the hostName...
TOTOLINK A3700R Command Injection Vulnerability
TOTOLINK A3700R is a wireless router, launched by TOTOLINK China Gion Electronics, a Taiwan-based networking equipment manufacturer. The TOTOLINK A3700R suffers from a command injection vulnerability located in the /cgi-bin/cstecgi.cgi file, which stems from improper handling of the hostName...
TOTOLINK LR1200GB setWanCfg Function OS Command Injection Vulnerability
The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...
PT-2024-19623 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the hostName parameter in the setWanCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R version...
TOTOLINK LR1200GB Operating System Command Injection Vulnerability
The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...
CVE-2023-46370
Tenda W18E V16.01.0.81576 has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function...
CVE-2023-45463
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2022-28491
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...