CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/08/16 5:29 a.m.•16 views

CVE-2025-8937

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

6.5CVSS7.9AI score0.02425EPSS

Exploits0References1

NVD•added 2025/08/15 10:15 a.m.•8 views

CVE-2025-9026

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgimain of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS0.03916EPSS

OSV•added 2025/08/15 10:15 a.m.•8 views

CVE-2025-9026

9.8CVSS5.5AI score

Exploits0References5

CVE•added 2025/08/15 9:32 a.m.•19 views

CVE-2025-9026

CVE-2025-9026 affects D-Link DIR-860L (firmware 2.04.B04). The vulnerability is in the Simple Service Discovery Protocol component, specifically the ssdpcgi_main function in htdocs/cgibin, enabling remote OS command injection. Publicly disclosed exploit indicates active risk, with impact on confi...

9.8CVSS7.7AI score0.03916EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2025/08/15 9:32 a.m.•3 views

CVE-2025-9026 D-Link DIR-860L Simple Service Discovery Protocol cgibin ssdpcgi_main os command injection

7.5CVSS7.8AI score0.03916EPSS

NVD•added 2025/08/14 10:15 a.m.•43 views

CVE-2025-8956

8.8CVSS0.18145EPSS

OSV•added 2025/08/14 10:15 a.m.•2 views

CVE-2025-8956

8.8CVSS5.4AI score0.18145EPSS

CVE•added 2025/08/14 10:2 a.m.•22 views

CVE-2025-8956

D-Link DIR-818L firmware up to 1.05B01 is affected by a vulnerability in the getenv function of /htdocs/cgibin (ssdpcgi), enabling remote command injection. The issue allows an attacker to remotely exploit the vulnerability; the public exploit has been disclosed. Remediation: upgrade to a version...

8.8CVSS7.7AI score0.18145EPSS

Exploits1References5Affected Software1

NVD•added 2025/08/14 5:15 a.m.•7 views

CVE-2025-8937

8.8CVSS0.02425EPSS

Exploits0References7

CVE•added 2025/08/14 4:32 a.m.•16 views

CVE-2025-8937

CVE-2025-8937 affects TOTOLINK N350R, specifically the component/file at /boafrm/formSysCmd. The documented issue is a command injection vulnerability in unknown code, exploitable remotely, with exploit publicly disclosed. The primary affected device is TOTOLINK N350R version 1.2.3-B20130826. Sev...

8.8CVSS7.9AI score0.02425EPSS

In wildExploits0References7Affected Software1

Cvelist•added 2025/08/14 4:32 a.m.•7 views

CVE-2025-8937 TOTOLINK N350R formSysCmd command injection

6.5CVSS0.02425EPSS

Exploits0References7

Positive Technologies•added 2025/08/14 12:0 a.m.•8 views

PT-2025-33148 · D Link · D-Link Dir-818Lw

Name of the Vulnerable Software and Affected Versions: D-Link DIR-818L versions up to 1.05B01 Description: A vulnerability exists in D-Link DIR-818L that allows for remote command injection. The issue is located within the getenv function of the /htdocs/cgibin file, specifically in the ssdpcgi...

8.8CVSS6.5AI score0.18145EPSS

Exploits1References9

RedhatCVE•added 2025/08/13 4:29 a.m.•6 views

CVE-2025-8828

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument...

RedhatCVE•added 2025/08/13 4:29 a.m.•11 views

CVE-2025-8829

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function umred of the file /goform/RPsetBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched...

RedhatCVE•added 2025/08/13 2:12 a.m.•6 views

CVE-2025-8825

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RPsetBasicAuto of the file /goform/RPsetBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiat...

RedhatCVE•added 2025/08/13 1:31 a.m.•4 views

CVE-2025-8823

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be...

RedhatCVE•added 2025/08/13 12:11 a.m.•14 views

CVE-2025-8821

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RPsetBasic of the file /goform/RPsetBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The...

Positive Technologies•added 2025/08/13 12:0 a.m.•7 views

PT-2025-33121

Name of the Vulnerable Software and Affected Versions: TOTOLINK N350R version 1.2.3-B20130826 Description: A vulnerability exists in TOTOLINK N350R that allows for remote command injection. The issue affects unknown code within the /boafrm/formSysCmd file. Manipulation of this file can lead to th...

8.8CVSS6.8AI score0.02425EPSS

Exploits0References18

RedhatCVE•added 2025/08/12 11:11 p.m.•10 views

CVE-2025-8818

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched...

8.8CVSS7.6AI score0.07659EPSS