Lucene search
K

880 matches found

EUVD
EUVD
added 2026/03/29 6:31 a.m.3 views

EUVD-2026-16971

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...

6.5CVSS5.6AI score0.02281EPSS
Exploits1References6
NVD
NVD
added 2026/03/29 5:15 a.m.5 views

CVE-2026-5030

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...

9.8CVSS0.02281EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/29 3:30 a.m.3 views

CVE-2026-5030 Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...

6.5CVSS5.6AI score0.02281EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/29 3:30 a.m.2 views

CVE-2026-5030

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...

6.5CVSS6.3AI score0.02281EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/29 3:30 a.m.43 views

CVE-2026-5030 Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...

6.5CVSS0.02281EPSS
Exploits1References5
CVE
CVE
added 2026/03/29 3:30 a.m.16 views

CVE-2026-5030

Totolink NR1800X (version 9.1.0u.6279_B20210910) is affected by a command injection in Telnet Service, via NTPSyncWithHost in /cgi-bin/cstecgi.cgi where manipulating the host_time argument enables remote execution. Public exploits exist. Remediation/mitigation: disable the Telnet Service as a tem...

9.8CVSS6.3AI score0.02281EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.8 views

TOTOLINK NR1800X 命令注入漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a command injection vulnerability. This vulnerability...

9.8CVSS6.6AI score0.02281EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.4 views

PT-2026-28742

Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A command injection issue exists in the Telnet Service component of Totolink NR1800X. The issue is located in the NTPSyncWithHost function within the /cgi-bin/cstecgi.cgi file...

6.5CVSS5.7AI score0.02281EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.6 views

CVE-2026-31847

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...

8.5CVSS5.9AI score0.00424EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/23 3:30 p.m.4 views

EUVD-2026-14413

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface...

8.5CVSS5.8AI score0.00424EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/12 3:29 p.m.140 views

jooan-ja-a52-root

Jooan JA-A52 A2RU Root Exploit Full root shell on the Joo...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/04 7:58 a.m.6 views

CVE-2026-29119

International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...

8.8CVSS6AI score0.00486EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.5 views

PT-2026-22882

Name of the Vulnerable Software and Affected Versions IDC SFX Series SuperFlexSFX2100 SatelliteReceiver affected versions not specified Description The IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote, unauthenticated...

8.8CVSS6AI score0.00486EPSS
Exploits1References6
NVD
NVD
added 2026/02/20 5:25 p.m.8 views

CVE-2026-25715

The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...

9.8CVSS0.0057EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 3:56 p.m.13 views

CVE-2026-25715

CVE-2026-25715 affects the embedded web management interface of the Jinan USR IOT USR-W610. The vulnerability allows an administrator username/password to be set to blank values, enabling authentication with empty credentials over HTTP(S) web management and Telnet. This effectively disables authe...

9.8CVSS5.6AI score0.0057EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 3:56 p.m.5 views

CVE-2026-25715 Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements

The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...

9.8CVSS5.6AI score0.0057EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 3:56 p.m.23 views

CVE-2026-25715 Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements

The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...

9.8CVSS0.0057EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.9 views

PT-2026-21239

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The web management interface allows the administrator username and password to be set to blank values. After applying these blank values, the device allows...

9.8CVSS5.4AI score0.0057EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 a.m.12 views

CVE-2025-70998

UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script...

9.8CVSS5.7AI score0.00424EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/18 7:30 p.m.10 views

CVE-2026-2617

A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...

8.8CVSS5.2AI score0.00636EPSS
Exploits1References1
Rows per page
Query Builder