880 matches found
EUVD-2026-16971
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030 Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030 Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030
Totolink NR1800X (version 9.1.0u.6279_B20210910) is affected by a command injection in Telnet Service, via NTPSyncWithHost in /cgi-bin/cstecgi.cgi where manipulating the host_time argument enables remote execution. Public exploits exist. Remediation/mitigation: disable the Telnet Service as a tem...
TOTOLINK NR1800X 命令注入漏洞
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a command injection vulnerability. This vulnerability...
PT-2026-28742
Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A command injection issue exists in the Telnet Service component of Totolink NR1800X. The issue is located in the NTPSyncWithHost function within the /cgi-bin/cstecgi.cgi file...
CVE-2026-31847
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...
EUVD-2026-14413
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface...
jooan-ja-a52-root
Jooan JA-A52 A2RU Root Exploit Full root shell on the Joo...
CVE-2026-29119
International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...
PT-2026-22882
Name of the Vulnerable Software and Affected Versions IDC SFX Series SuperFlexSFX2100 SatelliteReceiver affected versions not specified Description The IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote, unauthenticated...
CVE-2026-25715
The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...
CVE-2026-25715
CVE-2026-25715 affects the embedded web management interface of the Jinan USR IOT USR-W610. The vulnerability allows an administrator username/password to be set to blank values, enabling authentication with empty credentials over HTTP(S) web management and Telnet. This effectively disables authe...
CVE-2026-25715 Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements
The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...
CVE-2026-25715 Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements
The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...
PT-2026-21239
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The web management interface allows the administrator username and password to be set to blank values. After applying these blank values, the device allows...
CVE-2025-70998
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script...
CVE-2026-2617
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...