141 matches found
D-Link DIR-816 A2 Code Execution Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. The D-Link DIR-816 A2 suffers from a code execution vulnerability that originates from an unverified system function in the bin/goahead file, which can be exploited by an attacker to cause remote code execution...
CVE-2025-45931
An issue in D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via the system function in the bin/goahead file...
CVE-2025-45931
An issue in D-Link DIR-816-A2 (DIR-816A2_FWv1.10CNB05_R1B011D88210) allows remote code execution via the system() function in bin/goahead, caused by unverified use of system(). Impact is remote arbitrary code execution on affected devices. Exploitation status is not detailed in the provided connec...
PT-2025-27456 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816-A2 version DIR-816A2 FWv1.10CNB05 R1B011D88210
Description: An issue in the D-Link DIR-816-A2 allows a remote attacker to execute arbitrary code via the system function in the bin/goahead file. This enables the attacker to run...
CVE-2023-0164
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...
CVE-2018-17879
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system as root. There are several injection points in various scripts...
CVE-2019-8317
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a command injection allowing a remote attacker to execute arbitrary code and get a root shell. A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...
CVE-2025-3803
The CVE-2025-3803 vulnerability affects Tenda W12 and i24 firmware 3.0.0.4(2887)–3.0.0.5(3644). The issue resides in the cgiSysScheduleRebootSet function in /bin/httpd where manipulating the rebootDate argument causes a stack-based buffer overflow. It can be exploited remotely, and multiple sourc...
CVE-2024-5598
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fmalocalfilesystem' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
CVE-2024-41992
The CVE-2024-41992 entry concerns the Wi‑Fi Alliance’s wfa_dut (Wi‑Fi Test Suite) up to version 9.0.0, where OS command injection is possible because the code uses the system() library function. Affected Arcadyan FMIMG51AX000J devices can achieve remote code execution as root (example: wfaTGSendP...
CVE-2024-48074
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...
CVE-2024-48074
DrayTek Vigor2960 (v1.4.4) exposes an authorized RCE via the table parameter in the doPPPoE function (cgi-bin/mainfunction.cgi); an attacker can inject a command that is executed by the system function. Impact is high per CVSS metrics. Remediation/workaround from PT-2024-7515: temporarily disable...
PT-2024-31833 · Motorola · Motorola Cx2
Name of the Vulnerable Software and Affected Versions: Motorola CX2L router versions 1.0.2 and below
Description: A command injection issue exists, allowing malicious users to inject and execute arbitrary commands. This is due to the system directly invoking the system function to execute command...
TRENDnet TV-IP1314PI Command Injection Vulnerability
The TRENDnet TV-IP1314PI is a wireless network camera from TRENDnet. The TRENDnet TV-IP1314PI suffers from a command injection vulnerability, which originates from davinci's use of the system function to unpack language packets without strict filtering of URL strings, which can be exploited by an...
Command injection
An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings...