TOTOLINK A3300R pppoeServiceName Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeServiceName parameter suffers from a command injection vulnerability that stems from the cstecgi.cgi file failing to properly validate the pppoeServiceName parameter, which can be exploited by an...

EUVD-2026-25243

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-33457

Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...

PT-2026-32240

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 Description A weakness exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313. Manipulation of the pppoeServiceName argument within the setWanCfg function in the /cgi-bin/cstecgi.cgi file...

CVE-2025-70747

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub65A28 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-6815

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘servicename’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-6815

CVE-2025-6815: LatePoint – Calendar Booking Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the service[name] parameter in all versions up to 5.1.94. Exploitation requires authenticated administrator access; the flaw arises from insufficient input sanitization and output esc...

CVE-2025-6815 LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘servicename’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2025-39954

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions through 5.1.94 Description The LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress is susceptible to Stored Cross-Site Scripting. The issue stem...

Incorta 安全漏洞

Incorta is an enterprise-grade data analytics and business intelligence platform from Incorta USA that rapidly enables data insights and decision support. A security vulnerability exists in Incorta version 2023.4.3, which stems from improper handling of the Service Name parameter in the Edit...

Tenda Ax3 缓冲区错误漏洞

Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A buffer overflow vulnerability exists in Tenda AX3 v16.03.12.10CN, which can be exploited by an attacker to cause a Denial of Service DoS via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters...

The vulnerability of the “Service Name” parameter in the TP-Link M7350 route blocker software exists because measures to neutralize special elements used in the operating system are not taken. This allows a hacker to execute arbitrary commands.

The vulnerability of the “Service Name” parameter in the TP-Link M7350 route switch software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...