
19611 matches found

BDU FSTEC
added 2025/07/24 12:0 a.m., 7 views

The vulnerability of the cckeckKeepAlive() function in the microprogramming software of the TOTOLink T6 system allows a hacker to execute arbitrary commands.

The vulnerability of the cckeckKeepAlive function in the TOTOLink T6 mesh-system’s software lies in the lack of measures taken to neutralize special elements during the processing of the ipAddr parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.5 CVSS, 6.9 AI score, 0.15223 EPSS
Exploits 1, References 4, Affected Software 1
BDU FSTEC
added 2025/07/24 12:0 a.m., 5 views

The vulnerability of the ssdpcgi_main() function (/htdocs/cgibin) in the ssdpcgi component of D-Link DIR-645 router microprogramming software, allowing a hacker to execute arbitrary commands

The vulnerability of the ssdpcgi_main function (/htdocs/cgibin) of the ssdpcgi component in the D-Link DIR-645 router microprogramming system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

6.5 CVSS, 6.9 AI score, 0.0402 EPSS
Exploits 1, References 4, Affected Software 1
Tenable Nessus
added 2025/07/24 12:0 a.m., 5 views

Siemens SCALANCE LPE9403 Improper Neutralization of Special Elements Used in an OS Command (CVE-2025-40582)

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device. Th...

8.5 CVSS, 5.9 AI score, 0.00395 EPSS
Exploits 0, References 3
RedhatCVE
added 2025/07/23 10:1 a.m., 9 views

CVE-2025-41674

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

7.2 CVSS, 7.2 AI score, 0.00594 EPSS
Exploits 1, References 1
BDU FSTEC
added 2025/07/23 12:0 a.m., 6 views

The vulnerability of the sub_4197C0() function in TOTOLINK A3300R router microprogramming software allows an intruder to execute arbitrary commands.

The vulnerability of the sub_4197C0 function in TOTOLINK A3300R router microprogramming systems is related to the lack of measures taken to neutralize special elements during the processing of mac and desc parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10 CVSS, 5.9 AI score, 0.05177 EPSS
Exploits 1, References 3, Affected Software 1
BDU FSTEC
added 2025/07/23 12:0 a.m., 5 views

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface allows a hacker to execute arbitrary commands.

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface is related to the lack of measures taken to neutralize special elements during the processing of the NTP Server parameter. Exploiting this vulnerability allows a remote attacker to execu...

6.5 CVSS, 5.9 AI score, 0.04165 EPSS
Exploits 0, References 5, Affected Software 1
CNVD
added 2025/07/23 12:0 a.m., 3 views

Netgear D6400 Remote Command Execution Vulnerability

The Netgear D6400 is a wireless modem from NETGEAR. A remote command execution vulnerability exists in the Netgear D6400, which can be exploited by an attacker to execute arbitrary commands on the system...

8.8 CVSS, 7.9 AI score, 0.083 EPSS
Exploits 1, References 1
Positive Technologies
added 2025/07/23 12:0 a.m., 3 views

PT-2025-30551 · Iotgen · Iotgen

Name of the Vulnerable Software and Affected Versions: Apache IoT affected versions not specified Description: An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface. The vulnerabl...

8.8 CVSS, 7 AI score, 0.00696 EPSS
Exploits 0, References 7
GithubExploit
added 2025/07/22 10:51 a.m., 239 views

Exploit for Deserialization of Untrusted Data in Microsoft

ToolShell → CVE‑2025‑53770 Exploit PoC This package allows: 1...

9.8 CVSS, 8.9 AI score, 0.99982 EPSS
Exploits 41
OSV
added 2025/07/22 3:15 a.m., 2 views

CVE-2025-7952

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been...

8.8 CVSS, 5.5 AI score, 0.15223 EPSS
Exploits 1, References 6
OSV
added 2025/07/21 5:15 p.m., 4 views

CVE-2025-7932

A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbcsystem of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...

8.8 CVSS, 5.5 AI score, 0.05484 EPSS
Exploits 1, References 5
NVD
added 2025/07/21 3:15 p.m., 14 views

CVE-2025-46122

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint /admin/cmdstat.jsp passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC...

9.1 CVSS, 0.0112 EPSS
Exploits 1, References 2
OSV
added 2025/07/21 10:15 a.m., 1 views

CVE-2025-41673

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command...

7.2 CVSS, 6.1 AI score, 0.00594 EPSS
Exploits 1, References 2
Vulnrichment
added 2025/07/21 9:29 a.m., 6 views

CVE-2025-41675 Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...

7.2 CVSS, 7.1 AI score, 0.00594 EPSS
Exploits 1, References 1
CVE
added 2025/07/21 9:29 a.m., 15 views

CVE-2025-41675

CVE-2025-41675 concerns MB CONNECT LINE mbNET.mini and Helmholz/mbNET.mini gateways where an OS command injection arises from improper neutralization of special elements in OS commands. The vulnerability allows a high-privilege remote attacker to trigger arbitrary system commands via GET requests...

7.2 CVSS, 7.2 AI score, 0.00594 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2025/07/21 9:29 a.m., 14 views

CVE-2025-41675 Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...

7.2 CVSS, 0.00594 EPSS
Exploits 1, References 1
Cvelist
added 2025/07/21 9:29 a.m., 6 views

CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

7.2 CVSS, 0.00594 EPSS
Exploits 1, References 1
Vulnrichment
added 2025/07/21 9:29 a.m., 5 views

CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

7.2 CVSS, 7.8 AI score, 0.00594 EPSS
Exploits 1, References 1
CVE
added 2025/07/21 9:29 a.m., 12 views

CVE-2025-41674

The CVE-2025-41674 entry matches an OS command injection in MB CONNECT LINE mbNET.mini (industrial router) and Helmholz REX100/mbNET.mini family where improper neutralization of special elements in OS commands enables remote execution of commands via POST to a diagnostic action. Connected sources...

7.2 CVSS, 7.2 AI score, 0.00594 EPSS
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2025/07/21 9:29 a.m., 3 views

CVE-2025-41673 Remote Command Injection in send_sms Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command...

7.2 CVSS, 7.8 AI score, 0.00594 EPSS
Exploits 1, References 1