123 matches found
CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022...
CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. Recent assessments: Assessed Attacker Value: 0...
D-Link DSL-2750B Command Injection Vulnerability
The D-Link DSL-2750B is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DSL-2750B prior to version 1.05. An attacker can exploit this vulnerability to perform remote unauthenticated command injection via the login.cgi cli parameter...
CVE-2022-35526
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...
Command injection
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...
Security Vulnerability in Multiple WAVLINK Products
WAVLINK AC1200 and others are products of China RuiYin Technology WAVLINK. WAVLINK AC1200 is a dual-band high power wireless router. WAVLINK WL-WN531P3 is a wireless router. WAVLINK WN533A8 is a wireless router. A security vulnerability exists in WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3...
CVE-2022-35526
CVE-2022-35526 affects WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3. The login.cgi script does not filter the key parameter, enabling command injection on the /login.shtml page. Root cause: lack of input validation on a parameter used by login.cgi. Impact (per sources): high-severity ...
CVE-2022-35526
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...
PT-2022-22889 · Wavlink · Wavlink Wn533A8 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue is related to the login.cgi, which has no filtering on the key parameter, leading to command injection in the /login.shtml page...
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
Cross site scripting
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
PT-2022-23284 · Airspan · Airspan Airspot 5410
Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under Description: The issue concerns a stored XSS vulnerability. It occurs because the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, allowing a malicious acto...
WAVLINK WN535 G3 Cross-Site Scripting Vulnerability
WAVLINK WN535 G3 is a wireless router from WAVLINK China. WAVLINK WN535 G3 suffers from a cross-site scripting vulnerability, which stems from a lack of filtering and escaping of the hostname parameter in /cgi-bin/login.cgi, and can be exploited by attackers to conduct cross-site scripting attack...
CVE-2022-30489
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi...
ProLink PRC2402M Information Disclosure Vulnerability (CVE-2021-36708)
ProLink PRC2402M is a router from ProLink Singapore. An information disclosure vulnerability exists in the setsysinit function in the login.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to reset the password in the administrator interfac...
CVE-2021-36708
In ProLink PRC2402M V1.0.18 and older, the setsysinit function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router...
CVE-2021-36708
In ProLink PRC2402M V1.0.18 and older, the setsysinit function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router...
CVE-2021-36708
ProLink PRC2402M routers (firmware v1.0.18 and earlier) are affected by CVE-2021-36708 due to a flaw in the set_sys_init function of login.cgi. This allows an attacker to reset the admin password on the router’s administrative interface. The connected documents confirm the vulnerable component an...
VulnCheck KEV: CVE-2022-35526
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...
CVE-2020-7848
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value...