CVE-2025-11100

A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uciset of the file /goform/setwifiblacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

CVE-2025-11099

A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function ucidel of the file /goform/deleteprohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

CVE-2025-11098

A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setwifiblacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be use...

CVE-2025-11096

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

CVE-2025-11141

Ruijie NBR2100G-E (up to 20250919) is affected. The vulnerability resides in the listAction function (file /itbox_pi/branch_passw.php?a=list), where manipulating the city parameter triggers OS command injection. The issue enables remote execution, with exploitation reported publicly. Other parame...

CVE-2025-11138

A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVE-2025-11092

A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub412E7C of the file /goform/setswitchsettings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the publi...

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23370)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that stems from a misuse of the parameter mac in the file /goform/setdevicename, which can be exploited by an attacker to cause remote command injection...

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23467)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which is a result of incorrect manipulation of the parameter port of the function sub412E7C in the file /goform/setswitchsettings, which can be exploited by an...

PT-2025-39811

Name of the Vulnerable Software and Affected Versions Ruijie NBR2100G-E versions up to 20250919 Description A security flaw exists in Ruijie NBR2100G-E. The issue is related to os command injection. This occurs through manipulation of the city argument in the listAction function within the file...

CVE-2025-11121

A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and m...

CVE-2025-11100

A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uciset of the file /goform/setwifiblacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

CVE-2025-11100

CVE-2025-11100 affects D-Link DIR-823X (firmware 250416). The uci_set function in /goform/set_wifi_blacklists is vulnerable to remote command injection; exploitation can occur over the network and a public exploit exists. Several sources (NVD, Red Hat, CNVD, CVE lists) confirm remote exploitation...

CVE-2025-11098

A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setwifiblacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be use...

CVE-2025-11098 D-Link DIR-823X set_wifi_blacklists command injection

A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setwifiblacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be use...

CVE-2025-11097 D-Link DIR-823X set_device_name command injection

A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/setdevicename. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be...

CVE-2025-11096 D-Link DIR-823X diag_traceroute command injection

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

CVE-2025-11095 D-Link DIR-823X delete_offline_device command injection

A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/deleteofflinedevice. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may ...

PT-2025-39758

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the processing of the /goform/diag traceroute file within D-Link DIR-823X version 250416. Manipulation of the target addr argument can lead to command injection, allowing for remote...

PT-2025-39761

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the D-Link DIR-823X router. Specifically, manipulating the delvalue argument within the uci del function in the /goform/delete prohibiting file can lead to command injection. This...