CVE-2026-7138

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The explo...

CVE-2026-7138 Totolink A8000RU CGI cstecgi.cgi setNtpCfg os command injection

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The explo...

CVE-2026-5689

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now...

CVE-2026-5689

Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected by an OS command injection in the setNtpCfg function of /cgi-bin/cstecgi.cgi. Manipulating the tz argument can enable remote exploitation, and public exploits are available. Affected impact and realistic remediation details are not prov...

CVE-2026-2854

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2026-2854

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2026-2854 D-Link DWR-M960 NTP Configuration Endpoint formNtp sub_4611CC stack-based overflow

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2026-2854

DVE-2026-2854 affects D-Link DWR-M960 firmware 1.01.07. The flaw is in the NTP Configuration Endpoint, specifically the sub_4611CC function in /boafrm/formNtp, where manipulating the submit-url argument can trigger a stack-based buffer overflow. Remote exploitation is possible, with exploit resea...

CVE-2026-2854

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2026-2854 D-Link DWR-M960 NTP Configuration Endpoint formNtp sub_4611CC stack-based overflow

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

PT-2026-21288

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub 4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2025-64091

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device...

CVE-2025-64091

The connected sources identify CVE-2025-64091 as affecting Zenitel ICX500 and ICX510 platforms. The vulnerability enables an authenticated attacker to execute commands via the device’s NTP configuration, described as a command-injection issue in the NTP configuration path. Reported by multiple fe...

CVE-2025-64091 Authenticated Remote Code Execution in the NTP-configuration

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device...

CVE-2024-39351

A vulnerability regarding improper neutralization of special elements used in an OS command 'OS Command Injection' is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models wi...

PT-2026-1842

Name of the Vulnerable Software and Affected Versions Network Device Firmware affected versions not specified Description This issue enables authenticated attackers to execute commands through the NTP-configuration of the device. The vulnerability involves a command injection within the NTP...

EUVD-2024-37914

Malicious code in bioql PyPI...

CVE-2025-34129

CVE-2025-34129 affects LILIN Digital Video Recorder (DVR) devices prior to firmware 2.0b60_20200207. The root cause is insufficient sanitization of the FTP and NTP Server fields in the service configuration, allowing an attacker with access to the configuration interface to upload a malicious XML...

CVE-2024-39351

A vulnerability regarding improper neutralization of special elements used in an OS command 'OS Command Injection' is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models wi...

CVE-2024-39351

CVE-2024-39351 affects Synology Camera Firmware BC500 and TC500 prior to 1.0.7-0298. It is an OS Command Injection in the NTP configuration, caused by improper neutralization of special elements used in OS commands. The impact: remote authenticated users with administrator privileges can execute ...