
46 matches found

CVE
added 2026/05/25 12:0 p.m. · 10 views

CVE-2026-9456

CVE-2026-9456 affects Totolink A8000RU Web Management Interface, specifically the function setOpenVpnCfg in the file /cgi-bin/cstecgi.cgi. The vulnerability is an OS command injection and can be exploited remotely through that function. The entry lists the impacted product/version as Totolink A8...

CVSS 10 · AI score 7 · EPSS 0.01254
Exploits 0 · References 5

ATTACKERKB
added 2026/05/25 12:0 p.m. · 8 views

CVE-2026-9456

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in OS command injection. The attack can be executed remotely. The...

CVSS 10 · AI score 7 · EPSS 0.01254
Exploits 0 · References 5 · Affected Software 1

RedhatCVE
added 2026/05/07 8:21 p.m. · 4 views

CVE-2026-30816

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

CVSS 6.8 · AI score 5.9 · EPSS 0.0003
Exploits 0 · References 1

CVE
added 2026/04/09 10:52 a.m. · 9 views

CVE-2024-1490

CVE-2024-1490 affects WAGO PLCs via the web-based management interface (WBM) OpenVPN configuration. An authenticated remote attacker with high privileges can exploit the WBM to cause OpenVPN to execute arbitrary shell commands if user-defined scripts are allowed, enabling remote command execution...

CVSS 7.2 · AI score 6.2 · EPSS 0.00104
Exploits 0 · References 2

NVD
added 2026/04/08 7:25 p.m. · 2 views

CVE-2026-30816

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

CVSS 6.8 · EPSS 0.0003
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-20218

Malware in sbrugna...

CVSS 7.8 · AI score 7.6 · EPSS 0.00028
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-8960

Malware in sbrugna...

CVSS 7.8 · AI score 7.7 · EPSS 0.00201
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-29909

Malicious code in bioql PyPI...

CVSS 7 · AI score 6.3 · EPSS 0.0114
Exploits 2 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-47775

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.1447
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 10:43 p.m. · 9 views

CVE-2022-44844

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function...

CVSS 9.8 · AI score 8 · EPSS 0.1447
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 7:6 p.m. · 6 views

CVE-2021-20145

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, o...

CVSS 7.5 · AI score 6.9 · EPSS 0.00286
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 5:48 a.m. · 2 views

CVE-2017-17809

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forci...

CVSS 7.8 · AI score 6.9 · EPSS 0.00201
Exploits 0 · References 1

Vulnrichment
added 2025/05/19 2:59 p.m. · 5 views

CVE-2025-3908

The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory...

AI score 6.3 · EPSS 0.0014
Exploits 0 · References 1

Exploit DB
added 2025/04/10 12:0 a.m. · 208 views

Cosy+ firmware 21.2s7 - Command Injection

Exploit Title: Cosy+ firmware 21.2s7 - Command Injection; Google Dork: N/A; Date: 2024-8-20; Exploit Author: CodeB0ss; Contact: t.me/codeb0ss / [email protected]; Version: 21.2s7; Tested on: Windows 11 Home Edition; CVE: CVE-2024-33896; import socket import subprocess import time def...

CVSS 7.2 · AI score 6.9 · EPSS 0.17138
Exploits 4

OSV
added 2025/01/14 3:15 p.m. · 1 view

CVE-2024-39800

Multiple external config control vulnerabilities exist in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 7.2 · AI score 7.5 · EPSS 0.00479
Exploits 1 · References 2

Positive Technologies
added 2024/11/10 12:0 a.m. · 1 view

PT-2024-8829 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: D-Link DWR 2000M versions prior to the fixed version DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 version DWR-2000M 1.34ME. Description: The issue exists due to the lack of protection for the web page structure in the VPN configuration module's...

CVSS 7.2 · AI score 6.3 · EPSS 0.00239
Exploits 0 · References 7

CNNVD
added 2024/05/20 12:0 a.m. · 2 views

Security vulnerability in multiple ASUS products

ASUS RT-AX3000 and others are products of Asus China. ASUS RT-AX3000 is a router. ASUS RT-AX88U is a wireless router. ASUS RT-AC68U is a router. A security vulnerability exists in multiple ASUS products that stems from a susceptibility to a code execution vulnerability that could allow a remote...

CVSS 7.2 · AI score 8 · EPSS 0.03121
Exploits 0 · References 2

Talos
added 2023/07/06 12:0 a.m. · 32 views

Milesight MilesightVPN requestHandlers.js detail_device cross-site scripting (XSS) vulnerabilities

Talos Vulnerability Report TALOS-2023-1704: Milesight MilesightVPN requestHandlers.js detail_device cross-site scripting (XSS) vulnerabilities. July 6, 2023. CVE Number: CVE-2023-24497, CVE-2023-24496. SUMMARY: Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device...

CVSS 4.7 · AI score 5.7 · EPSS 0.00211
Exploits 2

Positive Technologies
added 2022/11/25 12:0 a.m. · 2 views

PT-2022-27322 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024. Description: A command injection issue was found via the port parameter in the setting/setOpenVpnClientCfg function. This allows for potential command injection attacks. Recommendations: For...

CVSS 9.8 · AI score 9.6 · EPSS 0.1447
Exploits 1 · References 4

CNNVD
added 2022/11/25 12:0 a.m. · 1 view

TOTOLINK A7100RU operating system command injection vulnerability

The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK A7100RU V7.4cu.2313B20191024 version, which stems from the discovery that the pass parameter of the ssetting/setOpenVpnCfg function contains...

CVSS 9.8 · AI score 8.4 · EPSS 0.1447
Exploits 1 · References 2