CVE-2025-10814

A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated remotely. The exploit has been publicly...

CVE-2025-10774

A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/subcommit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2025-10775

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-10775

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-10775 Wavlink WL-NU516U1 login.cgi sub_4012A0 os command injection

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-10774 Ruijie 6000-E10 sub_commit.php os command injection

A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/subcommit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2025-10774

CVE-2025-10774 affects Ruijie 6000-E10, up to version 2.4.3.6-20171117. The issue resides in an unknown portion of the file /view/vpn/autovpn/sub_commit.php, where manipulation of the keyword parameter (key) enables an OS command injection. The vulnerability can be exploited remotely and has seen...

PT-2025-38672

Name of the Vulnerable Software and Affected Versions Ruijie 6000-E10 versions through 2.4.3.6-20171117 Description A weakness exists in Ruijie 6000-E10. The issue affects an unknown part of the file /view/vpn/autovpn/sub commit.php. Manipulation of the key argument can lead to operating system...

WAVLINK WL-NU516U1 安全漏洞

WAVLINK WL-NU516U1 is a wireless print server from China Ruiyin WAVLINK. A security vulnerability exists in the Wavlink WL-NU516U1 version 240425, which originates from the incorrect operation of the parameter ipaddr in the file /cgi-bin/login.cgi, which could lead to a remote os command injectio...

PT-2025-39076

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X versions 240126/240802/250416 Description A flaw exists in D-Link DIR-823X that allows for command injection. This occurs due to manipulation of the port argument within an unknown functionality of the file /usr/sbin/goahead. T...

PT-2025-38673

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 version 240425 Description: A security issue has been identified in the sub 4012A0 function of the /cgi-bin/login.cgi file. Manipulation of the ipaddr argument can lead to operating system command injection. This attack is...

CVE-2025-10689

A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgimain of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This...

CVE-2025-10689

The CVE-2025-10689 entry concerns D-Link DIR-645 firmware (model 105B01). A vulnerability exists in the soapcgi_main function within /soap.cgi where manipulation of the service argument enables remote command injection. The issue can be exploited remotely and publicly available exploit code is no...

CVE-2025-10689 D-Link DIR-645 soap.cgi soapcgi_main command injection

A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgimain of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This...

CVE-2025-10634

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...

CVE-2025-10629

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgimain of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVE-2025-10629

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgimain of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVE-2025-10628

A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2025-10634

CVE-2025-10634 affects D-Link DIR-823X routers (versions 240126, 240802, 250416). The issue is in the Environment Variable Handler’s /usr/sbin/goahead component, specifically function sub_412E7C, where manipulating arguments terminal_addr/server_ip/server_port enables remote command injection. Th...

CVE-2025-10629 D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgimain of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...