
19611 matches found

Positive Technologies
added 2025/07/17 12:0 a.m. · 6 views

PT-2025-29925 · Mingyu · Mingyu Security Gateway

Name of the Vulnerable Software and Affected Versions: Mingyu Security Gateway versions prior to 3.0-5.3p
Description: The Mingyu Security Gateway is susceptible to a remote command execution (RCE) issue. This occurs due to a flaw in the handling of the log type parameter within the /log/fw...

CVSS 8.8 · AI score 6.6 · EPSS 0.00685
Exploits: 0 · References: 6

Cvelist
added 2025/07/16 9:9 p.m. · 6 views

CVE-2025-34125 D-Link DSP-W110A1 Cookie Command Injection

An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the...

CVSS 9.3 · EPSS 0.03126
Exploits: 0 · References: 4

CVE
added 2025/07/16 12:57 p.m. · 72 views

CVE-2025-34300

Sawtooth Software Lighthouse Studio

CVSS 10 · AI score 7.3 · EPSS 0.49139
In wild · Exploits: 4 · References: 3

RedhatCVE
added 2025/07/16 12:16 a.m. · 14 views

CVE-2025-7553

A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 7.2 · AI score 5.3 · EPSS 0.04165
Exploits: 0 · References: 1

CNNVD
added 2025/07/16 12:0 a.m. · 2 views

LILIN Digital Video Recorder Security Vulnerability

LILIN Digital Video Recorder is a video recorder from LILIN Corporation of Taiwan, China. A security vulnerability exists in LILIN Digital Video Recorder versions prior to 2.0b6020200207, which stems from a failure of the web service in /z/zbin/dvrbox to properly clean up the inputs to the Server...

CVSS 9.3 · AI score 7.4 · EPSS 0.01761
Exploits: 0 · References: 5

NVD
added 2025/07/15 1:15 p.m. · 8 views

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

CVSS 8.7 · EPSS 0.01136
Exploits: 0 · References: 6

NVD
added 2025/07/15 1:15 p.m. · 6 views

CVE-2025-34068

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...

CVSS 9.3 · EPSS 0.00895
Exploits: 0 · References: 5

Vulnrichment
added 2025/07/15 1:9 p.m. · 3 views

CVE-2025-34068 Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...

CVSS 9.3 · AI score 7.2 · EPSS 0.00895
Exploits: 0 · References: 5

CVE
added 2025/07/15 1:9 p.m. · 24 views

CVE-2025-34068

Samsung WLAN AP WEA453e is affected by an unauthenticated remote command execution vulnerability in firmware before 5.2.4.T1. The issue stems from improper input validation in the Tech Support diagnostic function, where the command1/command2 POST or GET parameters accept arbitrary shell commands ...

CVSS 9.3 · AI score 7.2 · EPSS 0.00895
In wild · Exploits: 0 · References: 5

Cvelist
added 2025/07/15 1:2 p.m. · 9 views

CVE-2025-34116 IPFire < 2.19 Core Update 101 proxy.cgi RCE

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

CVSS 8.7 · EPSS 0.01136
Exploits: 0 · References: 6

ATTACKERKB
added 2025/07/15 1:2 p.m. · 4 views

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

CVSS 8.7 · AI score 6.1 · EPSS 0.01136
Exploits: 0 · References: 7

CVE
added 2025/07/15 1:2 p.m. · 19 views

CVE-2025-34116

IPFire before 2.19 Core Update 101 is vulnerable to remote command execution via the proxy.cgi CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted NCSA user creation fields, leading to command execution with web server privileges. Remediation: update to IP...

CVSS 8.7 · AI score 7 · EPSS 0.01136
Exploits: 0 · References: 6

Positive Technologies
added 2025/07/15 12:0 a.m. · 4 views

PT-2025-29557 · Ipfire · Ipfire

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.19 Core Update 101
Description: A remote command execution issue exists in IPFire due to a flaw in the proxy.cgi CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in...

CVSS 8.7 · AI score 6.9 · EPSS 0.01136
Exploits: 0 · References: 11

CNNVD
added 2025/07/15 12:0 a.m. · 2 views

IPFire Security Vulnerability

IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire that stems from improper validation of proxy.cgi interface inputs, which could lead to remote command execution...

CVSS 8.7 · AI score 7 · EPSS 0.01136
Exploits: 0 · References: 7

CNNVD
added 2025/07/15 12:0 a.m. · 2 views

SAMSUNG WLAN AP WEA453e Security Vulnerability

The SAMSUNG WLAN AP WEA453e is a wireless LAN access point from Samsung South Korea. A security vulnerability exists in the SAMSUNG WLAN AP WEA453e prior to version 5.2.4.T1, which stems from improper validation of inputs to the Tech Support diagnostic function, which could lead to remote command...

CVSS 9.3 · AI score 6.9 · EPSS 0.00895
Exploits: 0 · References: 7

BDU FSTEC
added 2025/07/15 12:0 a.m. · 5 views

The vulnerability of the IBM Storage Scale cluster file system, related to the lack of data cleaning measures at the management level, allows attackers to escalate their privileges and execute arbitrary commands.

The vulnerability of the IBM Storage Scale cluster file system is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary commands remotely...

CVSS 7.5 · AI score 5.8 · EPSS 0.0034
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/07/15 12:0 a.m. · 2 views

PT-2025-29544 · Samsung · Samsung Wlan Ap Wea453E

Name of the Vulnerable Software and Affected Versions: Samsung WLAN AP WEA453e versions prior to 5.2.4.T1
Description: An unauthenticated remote command execution issue exists due to improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET...

CVSS 9.3 · AI score 7.2 · EPSS 0.00895
Exploits: 0 · References: 9

OSV
added 2025/07/14 4:15 p.m. · 3 views

CVE-2025-7615

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be...

CVSS 8.8 · AI score 5.7 · EPSS 0.02619
Exploits: 1 · References: 6

OSV
added 2025/07/14 3:15 p.m. · 6 views

CVE-2025-7613

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be...

CVSS 8.8 · AI score 5.8 · EPSS 0.02619
Exploits: 1 · References: 6

Positive Technologies
added 2025/07/14 12:0 a.m. · 5 views

PT-2025-29408 · Hgiga · Isherlock

Name of the Vulnerable Software and Affected Versions: iSherlock affected versions not specified
Description: The iSherlock software by Hgiga contains an OS Command Injection vulnerability. This allows unauthenticated remote attackers to inject and execute arbitrary OS commands on the server. Thi...

CVSS 9.8 · AI score 7.5 · EPSS 0.0141
Exploits: 0 · References: 9