CVE-2026-25196

CVE-2026-25196 is an OS command injection affecting XWEB Pro before 1.12.1. An authenticated attacker can achieve remote code execution by supplying malicious input in the Wi‑Fi SSID and/or password fields during configuration processing. Multiple sources (Red Hat, NVD, EUVD, CVE records) describ...

CVE-2020-7234

Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration Radio 2.4G Wireless X screen after a successful login to the super account...

EUVD-2020-28362

Malware in sbrugna...

CVE-2025-41378

The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel...

CVE-2025-41378 Injection vulnerability in Iridium Certus 700

The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel...

CVE-2025-41378 Injection vulnerability in Iridium Certus 700

The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel...

CVE-2024-53943

An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID...

CVE-2024-51432

Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized...

EnGenius ESR580 安全漏洞

The EnGenius ESR580 is a series of wireless access points from EnGenius. A security vulnerability exists in the EnGenius ESR580 that originates from allowing remote attackers to conduct a stored cross-site scripting attack via the Wi-Fi SSID input field, which can lead to arbitrary JavaScript cod...

TOTOLINK AC1200 安全漏洞

TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the formWlEncrypt CGI handler in the boa program that fails to limit the length of the wlanssid field entered by the user. An...

CVE-2020-7249

SMC D3G0804W 3.5.2.5-LATGA devices allow XSS via the SSID field on the WiFi Network Configuration page after a successful login to the admin account...

CVE-2020-7234

Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration Radio 2.4G Wireless X screen after a successful login to the super account...

CVE-2020-7234

Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration Radio 2.4G Wireless X screen after a successful login to the super account...

CVE-2020-7234

Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration Radio 2.4G Wireless X screen after a successful login to the super account...

Edimax EW-7438RPn Mini Cross-Site Scripting Vulnerability

Edimax EW-7438RPn Mini is a wireless router product from Edimax Technology. A cross-site scripting vulnerability exists in the SSID field in the Edimax EW-7438RPn Mini v2 prior to version 1.26. A remote attacker can exploit this vulnerability to perform a phishing attack...

Design/Logic Flaw

An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field...