25 matches found
TOTOLINK T8 命令注入漏洞
TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. The TOTOLINK T8 suffers from a command injection vulnerability that stems from the serverIp parameter of the meshSlaveDlfw method failing to properly filter constructed command special...
CVE-2023-24150
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2020-15426
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmigrationcpanel.php. When parsing the serverip parameter, the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmigrationcpanel.php. When parsing the serverip parameter, the...
ZyXEL P660HN-T v2 Router Unauthenticated Remote Command Execution Vulnerability
The ZyXEL P660HN-T v2 is a router manufactured by Hutchinson Technology. The ZyXEL P660HN-T v2 router suffers from an unauthenticated remote command execution vulnerability. Command injection in the ServerIP parameter and the presence of a default account on the device allow an attacker to exploi...