369 matches found
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
EUVD-2026-24162
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38834
CVE-2026-38834 affects Tenda W30E V2.0 with firmware 16.01.0.21. A command injection vulnerability exists in the do_ping_action function via the hostName parameter, allowing execution of arbitrary commands with crafted requests. The vulnerability is tied to the specific function and parameter, wi...
CVE-2026-6559
A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended...
WAVLINK WL-WN579A3 安全漏洞
WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card developed by WAVLINK Corporation. The WAVLINK WL-WN579A3 220323 version contains a security vulnerability, which stems from the handling of the Hostname parameter in the /cgi-bin/login.cgi file. This vulnerability may lead t...
SUSE CVE-2026-28279
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
EUVD-2026-14603
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...
PT-2026-27220
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360 B20241207/9.4.0cu.1498 B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...
CVE-2026-3716 Wavlink WL-WN579X3-C adm.cgi sub_401AD4 cross site scripting
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
PT-2026-23924
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub 401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
GHSA-RCHW-322G-F7RM osctrl is Vulnerable to OS Command Injection via Environment Configuration
Summary An OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These commands are embedded into enrollment one-liner scripts...
osctrl is Vulnerable to OS Command Injection via Environment Configuration
Summary An OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These commands are embedded into enrollment one-liner scripts...
CVE-2026-28279
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the osctrl-admin environment configuration. An attacker can execute arbitrary shell commands on every endpoint that enrolls using a compromised environment by injecting commands into the hostname parameter, which ar...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the osctrl-admin environment configuration. An attacker can execute arbitrary shell commands on every endpoint that enrolls using a compromised environment by injecting commands into the hostname parameter, which ar...
CVE-2026-28279
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...