Lucene search
K

16 matches found

EUVD
EUVD
added 2026/07/08 3:32 p.m.6 views

EUVD-2026-42292

An OS command injection vulnerability exists in the startlltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machinename configuration parameter is not properly sanitized, which could allow an authenticated remote...

7.2CVSS6.2AI score0.0128EPSS
Exploits1References2
NVD
NVD
added 2026/07/08 3:16 p.m.10 views

CVE-2026-24697

An OS command injection vulnerability exists in the startbonjour function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wanhostname configuration parameter is not properly sanitized, which could allow an authenticated remot...

7.2CVSS0.00957EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 3:16 p.m.8 views

CVE-2026-24699

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

7.2CVSS0.00957EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 12:0 a.m.7 views

CVE-2026-24700

Cisco CVE-2026-24700 affects the RC binary’s start_lltd() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The machine_name parameter is not properly sanitized, enabling OS command injection by an authenticated remote attacker with root privileges. Documented imp...

7.2CVSS6.2AI score0.0128EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.33 views

CVE-2026-24697

An OS command injection vulnerability exists in the startbonjour function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wanhostname configuration parameter is not properly sanitized, which could allow an authenticated remot...

0.00957EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 12:0 a.m.8 views

CVE-2026-24697

Summary: CVE-2026-24697 is an OS command injection in the rc binary's start_bonjour() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The issue stems from improper sanitization of the wan_hostname configuration parameter, potentially allowing an authenticated re...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/14 12:1 a.m.6 views

CVE-2025-60698

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...

7.3CVSS8.5AI score0.03929EPSS
Exploits1References1
NVD
NVD
added 2025/11/13 6:15 p.m.6 views

CVE-2025-60701

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...

6.5CVSS0.03155EPSS
Exploits1References4
OSV
OSV
added 2025/11/13 6:15 p.m.6 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

7.3CVSS6.2AI score0.0382EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/13 12:0 a.m.5 views

CVE-2025-60698

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...

8.1AI score0.03929EPSS
Exploits1References4
CVE
CVE
added 2025/11/13 12:0 a.m.23 views

CVE-2025-60698

The CVE-2025-60698 issue affects D-Link DIR-882 router firmware DIR882A1_FW102B02, where SetSysLogSettings/IPAddress stored in NVRAM via nvram_safe_set can be read and concatenated into a shell command executed by twsystem() in the rc binary. The root cause is un-sanitized retrieval of nvram valu...

7.3CVSS8.1AI score0.03929EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/11/13 12:0 a.m.16 views

CVE-2025-60701

The CVE-2025-60701 issue affects the D-Link DIR-882 router, specifically firmware DIR882A1_FW102B02. The vulnerability stems from the prog.cgi function sub_433188 and the rc binary’s sub_448FDC, where user-supplied EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, and AccountName are stored ...

6.5CVSS8.1AI score0.03155EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/04/03 8:15 p.m.2 views

CVE-2025-29570

An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftpimagecheck of a binary named rc...

7.8CVSS5.8AI score0.00192EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.5 views

Shenzhen Libituo Technology LBT-T300-T400 安全漏洞

Shenzhen Libituo Technology LBT-T300-T400 is an industrial router from Shenzhen Libituo Technology China. A security vulnerability exists in the Shenzhen Libituo Technology LBT-T300-T400 version 3.2, which stems from a flaw in the tftpimagecheck function in the rc binary, which could lead to...

7.8CVSS6.7AI score0.00192EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.5 views

PT-2025-14789 · Unknown · Lbt-T300-T400

Name of the Vulnerable Software and Affected Versions: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 version 3.2 Description: An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 version 3.2 allows a local attacker to escalate privileges via the tftp image check function of a binar...

7.8CVSS6.1AI score0.00192EPSS
Exploits1References7
CVE
CVE
added 2025/04/03 12:0 a.m.44 views

CVE-2025-29570

CVE-2025-29570 concerns Shenzhen Libituo Technology Co., Ltd. LBT-T300-T400, version 3.2. Multiple sources describe a local privilege-escalation issue in the tftp_image_check function of the binary named rc . The root cause is not deeply detailed across the documents, but the vulnerability is ass...

7.8CVSS7.1AI score0.00192EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder