CVE-2025-60698

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...

CVE-2025-60701

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

CVE-2025-60698

The CVE-2025-60698 issue affects D-Link DIR-882 router firmware DIR882A1_FW102B02, where SetSysLogSettings/IPAddress stored in NVRAM via nvram_safe_set can be read and concatenated into a shell command executed by twsystem() in the rc binary. The root cause is un-sanitized retrieval of nvram valu...

CVE-2025-60698

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...

CVE-2025-60701

The CVE-2025-60701 issue affects the D-Link DIR-882 router, specifically firmware DIR882A1_FW102B02. The vulnerability stems from the prog.cgi function sub_433188 and the rc binary’s sub_448FDC, where user-supplied EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, and AccountName are stored ...

CVE-2025-29570

An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftpimagecheck of a binary named rc...

Shenzhen Libituo Technology LBT-T300-T400 安全漏洞

Shenzhen Libituo Technology LBT-T300-T400 is an industrial router from Shenzhen Libituo Technology China. A security vulnerability exists in the Shenzhen Libituo Technology LBT-T300-T400 version 3.2, which stems from a flaw in the tftpimagecheck function in the rc binary, which could lead to...

PT-2025-14789 · Unknown · Lbt-T300-T400

Name of the Vulnerable Software and Affected Versions: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 version 3.2 Description: An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 version 3.2 allows a local attacker to escalate privileges via the tftp image check function of a binar...

CVE-2025-29570

CVE-2025-29570 concerns Shenzhen Libituo Technology Co., Ltd. LBT-T300-T400, version 3.2. Multiple sources describe a local privilege-escalation issue in the tftp_image_check function of the binary named rc . The root cause is not deeply detailed across the documents, but the vulnerability is ass...