PT-2025-35124

Name of the Vulnerable Software and Affected Versions Linksys RE6250 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.0.013.001 Linksys RE6300 version 1.0.04.001...

PT-2025-35128

Name of the Vulnerable Software and Affected Versions: LB-LINK BL-X26 version 1.2.8 Description: A weakness exists in the HTTP Handler component due to the manipulation of the enable argument within the /goform/set hidessid cfg file, leading to os command injection. This issue can be exploited...

PT-2025-35142

Name of the Vulnerable Software and Affected Versions Comfast CF-N1 version 2.6.0 Description A vulnerability was identified in the wireless device dissoc function of the /usr/bin/webmgnt file. Manipulation of the mac argument leads to command injection. The attack may be performed remotely. The...

PT-2025-35135

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A vulnerability exists in the ping config function of the /usr/bin/webmgnt file, which can lead to command injection. Remote exploitation is possible. The exploit has been publicly disclosed...

PT-2025-35137

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A vulnerability exists in Comfast CF-N1 version 2.6.0 due to command injection. Manipulation of the portal delete picname argument within the wifilith delete pic file function, located in the...

PT-2025-35136

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A vulnerability exists in Comfast CF-N1 version 2.6.0 due to command injection. The issue is located in the update interface png function within the /usr/bin/webmgnt file. Manipulation of the...

CVE-2025-9528

A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

CVE-2025-9528 Linksys E1700 systemCommand os command injection

A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

CVE-2025-9528

CVE-2025-9528 affects Linksys E1700 router (version 1.0.0.4.003). The vulnerability targets the function systemCommand in /goform/systemCommand; manipulating the command argument can cause an OS command injection. The attack can be launched remotely, and exploitation has been publicly disclosed. ...

CVE-2025-9387

A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ipblock.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate...

PT-2025-34797 · Ipfire · Ipfire

Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The Calamaris log exporter CGI script /cgi-bin/logs.cgi/calamaris.dat does not properly sanitize user-supplied input before using it in shell commands. This allows a remote, unauthenticated attacker to inject...

CVE-2025-9424

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branchimport.php?a=branchlist. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...

CVE-2025-9424

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branchimport.php?a=branchlist. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...

CVE-2025-9424 Ruijie WS7204-A branch_import.php os command injection

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branchimport.php?a=branchlist. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...

CVE-2025-9387 DCN DCME-720 Web Management Backend ip_block.php os command injection

A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ipblock.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate...

CVE-2025-9262

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

CVE-2025-9244

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument...

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVE-2025-24285

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite Version 1.5.1 and earlier Mitigation: Update UniFi...

CVE-2025-9262

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...