38 matches found
EUVD-2026-36751
Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...
CVE-2026-38060
Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...
CVE-2026-38060
Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...
PT-2026-49291
Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action unlock sim function through the pin parameter. Recommendations At the moment, there is no information about a newer version that contains a fix...
CVE-2026-38060
The CVE-2026-38060 entry concerns Tenda 5G03 V05.03.02.04 (Version 1.0) with a vulnerability in the function action_unlock_sim, exploitable via the pin parameter to enable command injection. The mapped CVSS 3.1 base score is 9.8 (CRITICAL) with Network attack vector, no privileges required, no us...
EUVD-2026-27117
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allow unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...
PT-2026-36910
Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'wireless.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the...
PT-2026-35165
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...
EUVD-2025-23538
Malicious code in bioql PyPI...
TOTOLINK N600R Command Injection Vulnerability
TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz bands to work concurrently, with a maximum wireless transmission rate of up to 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that stems from the pin...
CVE-2025-51390
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function...
TOTOLINK N600R 安全漏洞
TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz bands to work concurrently, with a maximum wireless transmission rate of up to 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that stems from the pin...
PT-2025-31840 · Totolink · Totolink N600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 4.3.0cu.7647 B20210106 Description: The TOTOLINK N600R router firmware contains a command injection vulnerability. This issue is located in the setWiFiWpsConfig function and is triggered through the pin parameter...
Belkin F9K1122 安全漏洞
The Belkin F9K1122 is a WiFi signal extender from Belkin Canada. The Belkin F9K1122 suffers from a stack buffer overflow vulnerability that originates from the incorrect operation of the parameter wpsenroleepin/webpage in the file /goform/formWlanSetupWPS, no details of the vulnerability are...
TOTOLINK CA300-PoE 命令注入漏洞
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE wps.so file, which originates from the parameter PIN of the file wps.so failing to correctly filter constructed command special characters,...
Linksys多款产品 注入漏洞
Linksys RE6300 and others are products of Linksys, Inc.Linksys RE6300 is a wireless network signal extender.Linksys RE6250 is a wireless extender.Linksys RE6500 is a wireless extender. An injection vulnerability exists in various Linksys products, which stems from a command injection due to...
CVE-2022-42161
D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS...
CVE-2025-22903
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig...
CVE-2025-22903
Summary: CVE-2025-22903 affects TOTOLINK N600R, version 4.3.0cu.7647_B20210106, with a stack/ buffer overflow in setWiFiWpsConfig triggered by the pin parameter. Root cause (per sources): improper validation of input length in the pin parameter leading to overflow. Documented impact: potential de...
CVE-2025-22903
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig...