CVE-2025-28035
TOTOLINK A830R V4.1.2cu.5182B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...
CVE-2025-28039
CVE-2025-28039 affects TOTOLINK EX1200T (V4.1.2cu.5232_B20210713). A pre-auth remote command execution vulnerability exists in the setUpgradeFW function via the FileName parameter. CVSSv3.1: 9.8 (CRITICAL); Attack Vector: Network; Privileges Required: None; User Interaction: None; Impact: Confide...
CVE-2025-28038
CVE-2025-28038 affects TOTOLINK EX1200T (version 4.1.2cu.5232_B20210713). A pre-auth remote command execution vulnerability exists in the setWebWlanIdx function via the webWlanIdx parameter, enabling remote code execution without authentication. CVSS v3.1 base score is 9.8 (CRITICAL, Network, no ...
CVE-2025-28036
TOTOLINK A950RG V4.1.2cu.5161B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...
PT-2025-17570 · Totolink · Totolink A950Rg
Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5161 B20200903 Description: The issue is a pre-auth remote command execution vulnerability. It is located in the setNoticeCfg function and can be exploited through the NoticeUrl parameter. Recommendations: For...
CVE-2025-28036
TOTOLINK A950RG (firmware V4.1.2cu.5161_B20200903) contains a pre-auth remote command execution vulnerability in the setNoticeCfg function via the NoticeUrl parameter. This CVE (CVE-2025-28036) is documented across multiple feeds, with the core detail being arbitrary command execution by a remote...
PT-2025-17569 · Totolink · Totolink A830R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A830R version 4.1.2cu.5182 B20201102 Description: The issue is a pre-auth remote command execution vulnerability. It is located in the setNoticeCfg function and can be exploited through the NoticeUrl parameter. Recommendations: For...
CVE-2025-28035
CVE-2025-28035 affects TOTOLINK A830R (firmware V4.1.2cu.5182_B20201102). It describes a pre-auth remote code execution vulnerability in the setNoticeCfg function via the NoticeUrl parameter, allowing arbitrary commands to be executed with high impact (per CVSS v3.1: Network, Privileges None, Use...
A vulnerability in the SafeInspect privilege control system stems from its failure to neutralize special elements used in operating system commands, allowing an attacker to execute arbitrary commands.
A vulnerability in the SafeInspect privilege control system stems from the lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands...
A vulnerability in the TOTOLINK A7100RU router firmware, caused by the lack of measures to neutralize special elements, allows attackers to inject arbitrary commands.
A vulnerability in the TOTOLINK A7100RU router firmware exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to inject arbitrary commands...
CVE-2025-29659
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...
Yi IOT XY-3820 security vulnerability
Yi IOT XY-3820 is a wireless security camera from Yi IOT. A security vulnerability exists in the Yi IOT XY-3820 version 6.0.24.10, which stems from the cmdlisten function in the cmd binary being vulnerable to remote command execution attacks...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Erlang vulnerability (USN-7443-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7443-1 advisory. Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP's SSH module incorrectly handled...
CVE-2025-29659
CVE-2025-29659 affects Yi IOT XY-3820, version 6.0.24.10. The vulnerability is a Remote Command Execution via the cmd_listen function in the cmd binary, with network access and no user interaction required (CVSS v3.1: 9.8, Critical). The reports do not specify a fixed version; a workaround sugges...
PT-2025-17440 · Yi · Yi Iot Xy-3820
Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: The issue concerns a Remote Command Execution vulnerability via the cmd listen function located in the cmd binary. This allows for unauthorized execution of commands, potentially leading to a full...
CVE-2025-3816
A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been...
A vulnerability in the setNetworkDiag() function of the TOTOLINK CA300-PoE firmware allows an attacker to execute arbitrary commands.
A vulnerability in the setNetworkDiag function of the TOTOLINK CA300-PoE router firmware stems from the lack of measures to sanitize data at the management level when processing the NetDiagPingSize parameter. Exploiting this vulnerability allows a remote attacker to execute...