39 matches found

CNNVD
added 2026/05/12 12:0 a.m., 6 views

D-Link DIR-816 Injection Vulnerability

The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The D-Link DIR-816 1.10CNB05R1B011D88210 version has a vulnerability related to command injection, which stems from operations on the ipaddress parameter...

CVSS 8.8, AI score 6.6, EPSS 0.00089
Exploits: 1, References: 1

NVD
added 2026/03/04 8:16 a.m., 2 views

CVE-2026-28773

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVSS 9.3, EPSS 0.00762
Exploits: 1, References: 1

Cvelist
added 2026/03/04 7:16 a.m., 24 views

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVSS 9.3, EPSS 0.00762
Exploits: 1, References: 1

ATTACKERKB
added 2026/03/04 7:16 a.m., 1 view

CVE-2026-28773

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVSS 9.3, AI score 6.2, EPSS 0.00762
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/04 7:16 a.m., 2 views

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVSS 9.3, AI score 6.2, EPSS 0.00762
Exploits: 1, References: 1

CVE
added 2026/03/04 7:16 a.m., 6 views

CVE-2026-28773

The CVE-2026-28773 entry concerns the IDC SFX Series SuperFlex Satellite Receiver Web Management Interface (version 101). Affected component: the web-based Ping diagnostic utility at /IDC_Ping/main.cgi. Root cause: insecure parsing of the IPaddr parameter enables OS command injection by bypassing ...

CVSS 9.3, AI score 6.2, EPSS 0.00762
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2026/02/23 12:0 a.m., 3 views

TOTOLINK X5000R Security Vulnerability

The TOTOLINK X5000R is a router produced by TOTOLINK, a Chinese electronics company. The TOTOLINK X5000R v9.1.0cu2415B20250515 version contains a security vulnerability. This vulnerability stems from insufficient validation of IP parameters in the setDiagnosisCfg processing program. It may allow...

CVSS 9.8, AI score 5.8, EPSS 0.02642
Exploits: 1, References: 2

CVE
added 2026/02/20 12:0 a.m., 6 views

CVE-2021-35402

CVE-2021-35402 affects PROLiNK PRC2402M firmware prior to 2021-06-13. The issue is an OS command injection in live_api.cgi when handling page=satellite_list (satellite_status) via the ip parameter, caused by shell metacharacters in user input. Impact is arbitrary command execution on vulnerable d...

CVSS 10, AI score 5.5, EPSS 0.00216
Exploits: 0, References: 1

Cvelist
added 2026/02/20 12:0 a.m., 19 views

CVE-2021-35402

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter for satellite_status...

CVSS 10, EPSS 0.00216
Exploits: 0, References: 1

CVE
added 2025/12/23 10:32 p.m., 6 views

CVE-2025-15048

CVE-2025-15048 affects Tenda WH450 (v1.0.0.18). The vulnerability is in the HTTP Request Handler’s /goform/CheckTools, where tampering with the ipaddress argument enables remote command injection. Exploitation has been publicly disclosed and PoC/materials exist in multiple references; impact is d...

CVSS 9.8, AI score 7.2, EPSS 0.00112
Exploits: 1, References: 6, Affected Software: 1

CNNVD
added 2025/12/23 12:0 a.m., 1 view

Tenda WH450 Command Injection Vulnerability

Tenda WH450 is a wireless access point from Tenda, China. A command injection vulnerability exists in Tenda WH450 version 1.0.0.18, which originates from a misuse of the parameter ipaddress in the file /goform/CheckTools of the component HTTP Request Handler, which could lead to command injection...

CVSS 9.8, AI score 7.8, EPSS 0.00112
Exploits: 1, References: 6

NVD
added 2025/11/13 4:15 p.m., 2 views

CVE-2025-60688

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary setDefResponse function. The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack...

CVSS 6.5, EPSS 0.00289
Exploits: 1, References: 3

Cvelist
added 2025/11/13 12:0 a.m., 5 views

CVE-2025-60676

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

EPSS 0.00398
Exploits: 1, References: 4

NVD
added 2025/10/08 7:15 p.m., 2 views

CVE-2025-57457

An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" parameter...

CVSS 8.8, EPSS 0.00184
Exploits: 0, References: 2

CNNVD
added 2025/10/08 12:0 a.m., 1 view

Curo UC300 Security Vulnerability

Curo UC300 is a video phone device from Curo UK. A security vulnerability exists in Curo UC300 version 5.42.1.7.1.63R1, which stems from an unvalidated IP Addr parameter that could lead to an OS command injection attack...

CVSS 8.8, AI score 7.3, EPSS 0.00184
Exploits: 0, References: 3

Positive Technologies
added 2025/10/08 12:0 a.m., 3 views

PT-2025-41301

Name of the Vulnerable Software and Affected Versions: Curo UC300 version 5.42.1.7.1.63R1. Description: A flaw exists within the Admin panel that permits local attackers to inject arbitrary OS Commands. The injection occurs through the IP Addr parameter. Recommendations: At the moment, there is no...

CVSS 8.8, AI score 6.5, EPSS 0.00184
Exploits: 0, References: 6

OSV
added 2025/10/07 2:15 p.m., 1 view

CVE-2025-54405

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command...

CVSS 8.8, AI score 6, EPSS 0.00481
Exploits: 1, References: 2

Cvelist
added 2025/10/07 1:55 p.m., 4 views

CVE-2025-54399

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 8.8, EPSS 0.00077
Exploits: 1, References: 1

EUVD
added 2025/10/07 1:55 p.m., 1 view

EUVD-2025-32864

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 8.8, AI score 7, EPSS 0.00077
Exploits: 1, References: 2

Positive Technologies
added 2025/10/07 12:0 a.m., 3 views

PT-2025-41006

Name of the Vulnerable Software and Affected Versions: Planet WGR-500 version 1.3411b190912. Description: The Planet WGR-500 device contains OS command injection flaws within the formPingCmd functionality. Specifically crafted HTTP requests can result in arbitrary command execution. The issue is...

CVSS 8.8, AI score 7.3, EPSS 0.00481
Exploits: 1, References: 6