CVE-2025-11096 D-Link DIR-823X diag_traceroute command injection

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

CVE-2025-11095 D-Link DIR-823X delete_offline_device command injection

A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/deleteofflinedevice. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may ...

PT-2025-39758

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the processing of the /goform/diag traceroute file within D-Link DIR-823X version 250416. Manipulation of the target addr argument can lead to command injection, allowing for remote...

PT-2025-39761

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the D-Link DIR-823X router. Specifically, manipulating the delvalue argument within the uci del function in the /goform/delete prohibiting file can lead to command injection. This...

D-Link DIR-823X 命令注入漏洞

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that can be exploited by an attacker to cause remote command execution...

D-Link DIR-823X 命令注入漏洞

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that stems from a misuse of the parameter mac in the file /goform/setdevicename, which can be exploited by an attacker to cause remote command injection...

PT-2025-39759

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in D-Link DIR-823X 250416 that allows remote command injection. The issue is located in an unknown function of the file /goform/set device name. Manipulating the mac argument can trigger...

D-Link DIR-823X 命令注入漏洞

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter targetaddr in the file /goform/diagtraceroute, which can be exploited by an attacker to cause remote command injectio...

CVE-2025-11073

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

CVE-2025-11073 Keyfactor RG-EW5100BE HTTP POST Request cmd command injection

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

PT-2025-39737

Name of the Vulnerable Software and Affected Versions Keyfactor RG-EW5100BE EW 3.0B11P280 EW5100BE-PRO 12183019 Description A flaw exists in Keyfactor RG-EW5100BE EW 3.0B11P280 EW5100BE-PRO 12183019. The issue is related to command injection stemming from the manipulation of the url argument with...

Ruijie RG-EW5100BE 命令注入漏洞

The Ruijie RG-EW5100BE is a wireless router from China Ruijie Ruijie. A command injection vulnerability exists in the Ruijie RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019 version, which originates from the incorrect operation of the parameter url in the file /cgi-bin/luci/api/cmd, and could lead t...

CVE-2025-11045

A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-11045 WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection

A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-11045 WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection

A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-11045

The CVE-2025-11045 entry concerns WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 (version 22.03.17) where the Name parameter in an unknown function of the /usb_paswd.asp file enables remote command injection. Affected products are WAYOS routers in the LQ series; the vulnerability’s root cause is improper ha...

CVE-2025-10963

A security flaw has been discovered in Wavlink NU516U1 M16U1V240425. Affected is the function sub4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument delflag results in command injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

CVE-2025-10964

A weakness has been identified in Wavlink NU516U1. Affected by this vulnerability is the function sub401B30 of the file /cgi-bin/firewall.cgi. This manipulation of the argument remoteManagementEnabled causes command injection. The attack can be initiated remotely. The exploit has been made...

CVE-2025-10960

A vulnerability was found in Wavlink NU516U1 M16U1V240425. The impacted element is the function sub402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument deletelist results in command injection. The attack is possible to be carried out...

CVE-2025-10959

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. The affected element is the function sub401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmzflag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public...