29 matches found
CVE-2021-35402
PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...
CVE-2021-35402
PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...
CVE-2021-35402
PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...
CVE-2021-35402
CVE-2021-35402 affects PROLiNK PRC2402M firmware prior to 2021-06-13. The issue is an OS command injection in live_api.cgi when handling page=satellite_list (satellite_status) via the ip parameter, caused by shell metacharacters in user input. Impact is arbitrary command execution on vulnerable d...
CVE-2021-35402
PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...
EUVD-2021-23303
Malware in sbrugna...
CVE-2021-36705
In ProLink PRC2402M V1.0.18 and older, the setTR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069localport parameter is passed directly to system...
CVE-2021-36708
In ProLink PRC2402M V1.0.18 and older, the setsysinit function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router...
CVE-2021-36707
In ProLink PRC2402M V1.0.18 and older, the setledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the ledcmd parameter is passed directly to dosystem...
VulnCheck KEV: CVE-2021-35402
A vulnerability is present in Prolink PRC2402M that could allow unauthenticated remote adversaries to inject commands due to improper checks on input supplied to 'liveapi.cgi'...
ProLink PRC2402M Command Injection Vulnerability (CNVD-2021-68447)
ProLink PRC2402M is a router from ProLink Singapore. A command injection vulnerability exists in the setsyscmd function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker could exploit this vulnerability to cause command injection by passing the command paramete...
ProLink PRC2402M Command Injection Vulnerability
ProLink PRC2402M is a router from ProLink Singapore. A command injection vulnerability exists in the setledonoff function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to cause command injection by passing the ledcmd parameter...
ProLink PRC2402M Information Disclosure Vulnerability (CVE-2021-36708)
ProLink PRC2402M is a router from ProLink Singapore. An information disclosure vulnerability exists in the setsysinit function in the login.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to reset the password in the administrator interfac...
ProLink PRC2402M Command Injection Vulnerability (CNVD-2021-68446)
ProLink PRC2402M is a router from ProLink Singapore. A command injection vulnerability exists in the setTR069 function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to cause command injection by passing the TR069localport...
CVE-2021-36707
In ProLink PRC2402M V1.0.18 and older, the setledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the ledcmd parameter is passed directly to dosystem...
CVE-2021-36705
In ProLink PRC2402M V1.0.18 and older, the setTR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069localport parameter is passed directly to system...
CVE-2021-36706
In ProLink PRC2402M V1.0.18 and older, the setsyscmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system...
CVE-2021-36708
In ProLink PRC2402M V1.0.18 and older, the setsysinit function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router...
CVE-2021-36705
In ProLink PRC2402M V1.0.18 and older, the setTR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069localport parameter is passed directly to system...
CVE-2021-36707
In ProLink PRC2402M V1.0.18 and older, the setledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the ledcmd parameter is passed directly to dosystem...