CVE-2025-15139

TRENDnet TEW-822DRE routers (versions 1.00B21 and 1.01B06) are affected by a command-injection vulnerability in the sub_43ACF4 function of /boafrm/formWsc, caused by manipulation of the peerPin argument. This allows remote code execution and has been publicly disclosed; exploitation is possible w...

CVE-2025-15136

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function dosetWizardasp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely...

CVE-2025-15136

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function dosetWizardasp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely...

CVE-2025-15137 TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934  command injection

A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function subF934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...

CVE-2025-15137 TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934  command injection

A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function subF934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...

CVE-2025-15136 TRENDnet TEW-800MB Management wizardset do_setWizard_asp command injection

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function dosetWizardasp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely...

CVE-2025-15136 TRENDnet TEW-800MB Management wizardset do_setWizard_asp command injection

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function dosetWizardasp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely...

EUVD-2025-205505

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...

EUVD-2025-205504

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2025-15133

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-15133

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-15132

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2025-15133 ZSPACE Z4Pro+ HTTP POST Request close zfilev2_api_CloseSafe command injection

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-15133 ZSPACE Z4Pro+ HTTP POST Request close zfilev2_api_CloseSafe command injection

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-15132 ZSPACE Z4Pro+ HTTP POST Request open zfilev2_api_open command injection

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2025-15131

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...

CVE-2025-15131

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...

CVE-2025-15131 ZSPACE Z4Pro+ HTTP POST Request status zfilev2_api_SafeStatus command injection

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...

PT-2025-53652

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-822DRE versions 1.00B21 and 1.01B06 Description A flaw exists in TRENDnet TEW-822DRE routers that allows for remote command injection. The issue is related to the manipulation of the peerPin argument within the sub 43ACF4 function...

PT-2025-53648

Name of the Vulnerable Software and Affected Versions ZSPACE Z4Pro+ version 1.0.0440024 Description A command injection issue exists in ZSPACE Z4Pro+. The affected component is the HTTP POST Request Handler, specifically within the zfilev2 api CloseSafe function located in the file...