CVE-2026-2528 Wavlink WL-WN579A3 wireless.cgi Delete_Mac_list command injection

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function DeleteMaclist of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to command injection. Remote exploitation of the attack is possible. The exploit i...

CVE-2026-2526

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multissid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could b...

CVE-2026-2526 Wavlink WL-WN579A3 wireless.cgi multi_ssid command injection

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multissid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could b...

PT-2026-8303

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A security flaw exists in Wavlink WL-WN579A3. The issue is due to command injection within the DeleteMac function located in the /cgi-bin/wireless.cgi file. Manipulation of the delete list...

PT-2026-8322

Name of the Vulnerable Software and Affected Versions WAYOS FBM-220G version 24.10.19 Description A flaw exists in WAYOS FBM-220G version 24.10.19 related to command injection. Manipulation of the arguments upnp waniface, upnp ssdp interval, and upnp max age within the sub 40F820 function of the ...

PT-2026-8301

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A command injection issue exists in the file /cgi-bin/login.cgi. Manipulating the key argument can allow for remote code execution. The vulnerability has been publicly disclosed. The vendo...

PT-2026-8306

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A flaw exists in Wavlink WL-WN579A3 that allows for remote command injection. The issue is located in the AddMac function within the /cgi-bin/wireless.cgi file. Manipulation of the macAddr...

CVE-2026-2227

A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This...

CVE-2026-2210

A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub4211C8 of the file /goform/setfiltering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2026-2260

A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

CVE-2026-2260 D-Link DCS-931L setSysAdmin os command injection

A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

CVE-2026-2188

A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-2193

A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function setjhttpdinfo. Performing a manipulation of the argument usbusername results in command injection. Remote exploitation of the attack is possible...

CVE-2026-2184

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

CVE-2026-2194

A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function startproxyclientemail. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

CVE-2026-2167

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

CVE-2026-2168

A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fotaurl causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVE-2026-2155

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...

CVE-2026-2157

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub4175CC of the file /goform/setstaticroutetable. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...