CVE-2025-11099

A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function ucidel of the file /goform/deleteprohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

CVE-2025-11098

A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setwifiblacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be use...

CVE-2025-11096

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

CVE-2025-11141

Ruijie NBR2100G-E (up to 20250919) is affected. The vulnerability resides in the listAction function (file /itbox_pi/branch_passw.php?a=list), where manipulating the city parameter triggers OS command injection. The issue enables remote execution, with exploitation reported publicly. Other parame...

CVE-2025-11138

A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVE-2025-11138

A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVE-2025-11092

A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub412E7C of the file /goform/setswitchsettings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the publi...

Western Digital My Cloud 安全漏洞

Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud versions prior to 5.31.108, which stems from the user interface not handling input correctly and could lead to remote command execution...

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23370)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that stems from a misuse of the parameter mac in the file /goform/setdevicename, which can be exploited by an attacker to cause remote command injection...

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23467)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which is a result of incorrect manipulation of the parameter port of the function sub412E7C in the file /goform/setswitchsettings, which can be exploited by an...

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23367)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that can be exploited by an attacker to cause remote command execution...

wenkucms 操作系统命令注入漏洞

wenkucms is a content management system by mirweiye personal developer. An OS command injection vulnerability exists in wenkucms 3.4 and earlier versions, which originates from a misuse of the function createPathOne in the file app/common/common.php, which could lead to a remote command injection...

PT-2025-39811

Name of the Vulnerable Software and Affected Versions Ruijie NBR2100G-E versions up to 20250919 Description A security flaw exists in Ruijie NBR2100G-E. The issue is related to os command injection. This occurs through manipulation of the city argument in the listAction function within the file...

CVE-2025-11121

A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and m...

CVE-2025-11100

A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uciset of the file /goform/setwifiblacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

CVE-2025-11100

CVE-2025-11100 affects D-Link DIR-823X (firmware 250416). The uci_set function in /goform/set_wifi_blacklists is vulnerable to remote command injection; exploitation can occur over the network and a public exploit exists. Several sources (NVD, Red Hat, CNVD, CVE lists) confirm remote exploitation...

CVE-2025-11098

A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setwifiblacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be use...

CVE-2025-11098 D-Link DIR-823X set_wifi_blacklists command injection

A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setwifiblacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be use...

CVE-2025-11096

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

CVE-2025-11097 D-Link DIR-823X set_device_name command injection

A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/setdevicename. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be...