23 matches found
CVE-2025-29165
Summary: CVE-2025-29165 affects the D-Link DIR-1253 MESH, version 1.6.1684. The issue allows an attacker to escalate privileges via the etc/shadow.sample component. The connected sources consistently reference this vendor/model and version, indicating a genuine privilege-escalation flaw rather th...
TOTOLINK X18 setEasyMeshAgentCfg Function Command Injection Vulnerability
TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the failure of the agentName parameter in the...
CVE-2025-52377
Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface's ping and traceroute functionality, specifically in the...
CVE-2025-52379
Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter, allowing authenticated...
PT-2025-29564 · Nexxt Solutions · Nexxt Solutions Ncm-X1800 Mesh Router
Name of the Vulnerable Software and Affected Versions: Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below. Description: A Cross-Site Scripting (XSS) issue exists in the Nexxt Solutions NCM-X1800 Mesh Router firmware. This allows attackers to inject JavaScript code that is executed with...
CVE-2025-52379
The vulnerability CVE-2025-52379 affects Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and earlier. Affected component: firmware update feature; vulnerable endpoints are /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi, where the upgradeFileName parameter is not properly sanitized, e...
CVE-2025-52378
Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when viewing the device management page via the DEVICEALIAS parameter to the...
SoftBank Mesh Wi-Fi router RP562B Operating System Command Injection Vulnerability
The SoftBank Mesh Wi-Fi router RP562B is a router from SoftBank Japan. An operating system command injection vulnerability exists in SoftBank Mesh Wi-Fi router RP562B version 1.0.2 and prior versions, which stems from an issue with an improper neutralization of special elements used in operating...
PT-2024-11622 · Motorola · Q14 Mesh Router Firmware
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: An authentication bypass issue could allow an attacker to access API functions without authentication. Recommendations: At the moment, there is no information about a newer version that...
PT-2024-11623 · Motorola · Q14 Mesh Router Firmware +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A command injection issue could allow an authenticated user to execute operating system commands as root via a specially crafted API request. Recommendations: At the moment, there i...
Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
Exploit Title: Ruijie Reyee Wireless Router firmware version B11P204 - MITM Remote Code Execution (RCE); Date: April 15, 2023; Exploit Author: Mochammad Riyan Firmansyah of SecLab Indonesia; Vendor Homepage: https://ruijienetworks.com; Software Link:...
TOTOLINK X18 Command Injection Vulnerability
The TOTOLINK X18 is a mesh router system from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X18 version V9.1.0cu.2024B20220329, which stems from a command injection vulnerability via the pid parameter in the disconnectVPN function...
Aztech WMB250AC Security Vulnerability
The Aztech WMB250AC is a wireless router from Aztech. A security vulnerability exists in Aztech WMB250AC Mesh Routers Firmware version 016 2020. An attacker can exploit the vulnerability to elevate privileges...
TCL LinkHub Mesh Wi-Fi Security Vulnerability
TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi version MS1G0001.0014, which stems from a buffer overflow vulnerability in the GetValue function, where a specially crafted configured value may cause a buffer overflow...
TCL LinkHub Mesh Wi-Fi Security Vulnerability
TCL LinkHub Mesh Wi-Fi is a router from TCL. The TCL LinkHub Mesh Wi-Fi ucloudsetnodelocation feature is vulnerable to a stack buffer overflow vulnerability that can be exploited by attackers to cause a buffer overflow...
Ruijie Reyee Mesh Router - Remote Code Execution (Authenticated) Exploit
Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated); Google Dork: None; Exploit Author: Minh Khoa of VSEC; Vendor Homepage: https://ruijienetworks.com; Software Link: https://www.ruijienetworks.com/resources/products/1896-1900; Version: ReyeeOS 1.55.1915 - EW3.01B11P35 an...
Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated); Google Dork: None; Date: November 1, 2021; Exploit Author: Minh Khoa of VSEC; Vendor Homepage: https://ruijienetworks.com; Software Link: https://www.ruijienetworks.com/resources/products/1896-1900; Version: ReyeeOS...
Ruijie Reyee Mesh Router Remote Code Execution
Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated); Google Dork: None; Date: November 1, 2021; Exploit Author: Minh Khoa of VSEC; Vendor Homepage: https://ruijienetworks.com; Software Link: https://www.ruijienetworks.com/resources/products/1896-1900; Version: ReyeeOS...
CVE-2021-45591
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6...
CVE-2021-45560
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6...