227 matches found
CVE-2025-70328
TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...
TOTOLINK X6000R 安全漏洞
The TOTOLINK X6000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK X6000R v9.4.0cu.1498B20250826 version contains a security vulnerability. This vulnerability stems from improper cleanup of the hosttime parameter in the NTPSyncWithHost handler, which may allow...
PT-2026-21552
Name of the Vulnerable Software and Affected Versions TOTOLINK X6000R version 9.4.0cu.1498 B20250826 Description The software contains an OS command injection issue in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host time parameter is processed by the sub 40C404 function a...
CVE-2025-70328
TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...
CVE-2025-70328
Summary (CVE-2025-70328) TOTOLINK X6000R is affected by an OS command injection in the NTPSyncWithHost handler of /usr/sbin/shttpd balloted at v9.4.0cu.1498_B20250826. The vulnerability arises from how the host_time parameter is obtained via sub_40C404 and handed to a shell command (date -s) thro...
CVE-2022-37082
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the hosttime parameter at the function NTPSyncWithHost...
CVE-2025-15137
A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function subF934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...
CVE-2025-15137 TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934 command injection
A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function subF934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...
CVE-2025-55901
TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...
CVE-2025-55901
TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...
CVE-2025-55901
TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...
TOTOLINK A3300R 安全漏洞
TOTOLINK A3300R is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK A3300R V17.0.0cu.596B20250515, which originates from a command injection in the hosttime parameter of the NTPSyncWithHost function...
CVE-2025-55901
TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...
CVE-2025-55901
CVE-2025-55901 concerns TOTOLINK A3300R, firmware version V17.0.0cu.596_B20250515, where the NTPSyncWithHost function’s host_time parameter enables command injection. The Red Hat/NVD/CNNVD etc. sources confirm a vulnerability in this device, with the impact described as potential unauthorized com...
EUVD-2024-34695
Malicious code in bioql PyPI...
EUVD-2022-32933
Malicious code in bioql PyPI...
EUVD-2025-12218
Malicious code in bioql PyPI...
EUVD-2022-39188
Malicious code in bioql PyPI...
EUVD-2022-39735
Malicious code in bioql PyPI...
EUVD-2024-36212
Malicious code in bioql PyPI...