CVE-2025-34043

A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...

CVE-2025-34044

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...

CVE-2025-34044

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...

CVE-2025-34044

The CVE-2025-34044 issue affects the WIFISKY 7-layer Flow Control Router, specifically the confirm.php interface. A vulnerability in input validation on the t HTTP GET parameter allows unauthenticated attackers to execute arbitrary OS commands (remote command injection). Exploitation evidence was...

CVE-2025-34043 Vacron NVR Remote Command Execution

A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...

CVE-2025-34043

Vacron NVR devices (v1.4) are affected by a remote command injection due to improper input sanitization in the board.cgi script. The issue allows unauthenticated attackers to pass arbitrary commands to the underlying OS via crafted HTTP requests, resulting in remote code execution with the web se...

PT-2025-26992

Name of the Vulnerable Software and Affected Versions: Vacron Network Video Recorder NVR devices version 1.4 Description: A remote command injection issue exists due to improper input sanitization in the board.cgi script. This allows unauthenticated attackers to pass arbitrary commands to the...

PT-2025-26993

Name of the Vulnerable Software and Affected Versions: WIFISKY 7-layer Flow Control Router affected versions not specified Description: A remote command injection issue exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router. This is due to insufficient input validation,...

VulnCheck KEV: CVE-2025-34044

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...

CVE-2025-6621

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclose...

CVE-2025-6619

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit...

CVE-2025-6618

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-6618

CVE-2025-6618 affects TOTOLINK CA300-PoE 6.2c.884. The vulnerability resides in the wps.so library, within the SetWLanApcliSettings function, where improper handling of the PIN parameter enables os command injection. It is exploitable remotely, and public disclosures have occurred. Multiple sourc...

CVE-2025-6299

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-6485

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack...

CVE-2025-6485

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack...

CVE-2025-6335

A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely...

CVE-2025-6299

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

VulnCheck KEV: CVE-2021-27692

Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.179502CN or v15.11.0.169024CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the...

CVE-2025-5763

A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function subF3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public an...