CVE-2025-41673 Remote Command Injection in send_sms Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the sendsms action due to improper neutralization of special elements used in an OS command...

CVE-2025-41673 Remote Command Injection in send_sms Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the sendsms action due to improper neutralization of special elements used in an OS command...

CVE-2025-41673

CVE-2025-41673 affects MB CONNECT LINE mbNET.mini (industrial router). The vulnerability is an OS command-injection in the send_sms operation caused by improper neutralization of special elements, enabling remote execution of system commands via POST requests. Vulnerable versions are prior to 2.3...

VulnCheck KEV: CVE-2023-5683

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be initiated...

CVE-2025-7836

A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbcsystem of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launche...

CVE-2025-7788

CVE-2025-7788 affects Xuxueli xxl-job up to 3.1.1. The vulnerable component is the commandJobHandler function in SampleXxlJob.java, enabling OS command injection with remote access. Exploit-public disclosures exist. Remediation: upgrade to a version beyond 3.1.1 and, as a workaround, restrict acc...

PT-2025-30007 · Ubiquiti · Unifi Access +1

Name of the Vulnerable Software and Affected Versions: UniFi Access Reader Pro versions 2.14.21 and earlier UniFi Access G2 Reader Pro versions 1.10.32 and earlier UniFi Access G3 Reader Pro versions 1.10.30 and earlier UniFi Access Intercom versions 1.7.28 and earlier UniFi Access G3 Intercom...

CVE-2025-7553

A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-7615

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be...

CVE-2025-7613

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be...

VulnCheck KEV: CVE-2024-0292

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The explo...

CVE-2025-7414

CVE-2025-7414 affects Tenda O3V2 1.0.0.12(3880). The vulnerability is in the httpd component’s file /goform/setPingInfo, specifically the fromNetToolGet function, where manipulation of the domain argument leads to operating system command injection. This can be exploited remotely and publicly dis...

CVE-2025-7407

A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument hostname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

CVE-2025-7083

A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. This affects the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack remotely. The exploit h...

CVE-2025-7083

CVE-2025-7083 affects Belkin F9K1122 with firmware 1.00.33. A vulnerability in the function mp of the file /goform/mp allows OS command injection via manipulation of the command argument, with remote exploitation possible. The CVE entries consistently describe a critical impact (CWE-like risk: ar...

CVE-2025-7082

A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument wanipaddr/wannetmask/wangateway/wlssid is directly passed by t...

CVE-2025-7081

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument...

CVE-2025-7081

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument...

CVE-2025-34044

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...

CVE-2025-34043

A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...