Lucene search
+L

766 matches found

nvd
nvd
added 2026/06/25 2:16 a.m.12 views

CVE-2026-8666

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

9.8CVSS0.00675EPSS
Exploits0References1
euvd
euvd
added 2026/06/25 1:35 a.m.7 views

EUVD-2026-39161

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
cve
cve
added 2026/06/25 1:35 a.m.21 views

CVE-2026-8666

CVE-2026-8666 describes an OS Command Injection in the traceroute action of the Rapid7 InsightConnect Traceroute Plugin on Linux. The vulnerability arises from insufficient input validation when constructing shell commands, allowing remote attackers to execute arbitrary OS commands via parameters...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/25 1:35 a.m.35 views

CVE-2026-8666 OS Command Injection in Rapid7 InsightConnect Traceroute Plugin

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS0.00675EPSS
Exploits0References1
cve
cve
added 2026/05/24 1:45 p.m.24 views

CVE-2026-9385

Totolink A8000RU Web Management (cgi-bin/cstecgi.cgi: setTracerouteCfg) is vulnerable to os command injection due to argument manipulation. Affects version 7.1cu.643_b20200521; vulnerability is remotely exploitable and exploit publicly disclosed. Public details indicate high impact on confidentia...

10CVSS7AI score0.01732EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/24 12:0 a.m.15 views

PT-2026-42946

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack is possible to be...

10CVSS7AI score0.01732EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/05/24 12:0 a.m.11 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the command parameter in the setTracerouteCfg...

10CVSS7.3AI score0.01732EPSS
Exploits0References6
githubexploit
githubexploit
added 2026/05/21 12:20 a.m.111 views

Exploit for Injection in Traceroute_Project Traceroute

node-vulnerable This repository is a synthetic demo target...

10CVSS7.3AI score0.04568EPSS
Exploits3
redhatcve
redhatcve
added 2026/05/06 8:22 p.m.10 views

CVE-2026-31196

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References1
euvd
euvd
added 2026/05/05 6:33 p.m.11 views

EUVD-2026-27337

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

6.1AI score0.01275EPSS
Exploits0References4
nvd
nvd
added 2026/05/05 4:16 p.m.19 views

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

8.8CVSS0.01275EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/05 12:0 a.m.61 views

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

0.01275EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/05 12:0 a.m.6 views

CVE-2026-31196

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

6.1AI score0.01275EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/05/05 12:0 a.m.9 views

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

5.9AI score0.01275EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/05 12:0 a.m.12 views

Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞

Both Altice Labs GR140DG and Altice Labs GR140IG are fiber-optic access gateway devices from the Portuguese company Altice Labs. Both devices have security vulnerabilities. The vulnerability stems from the traceroute diagnostic handler in /bin/httpdclientside, which allows uncleaned user input to...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.18 views

PT-2026-37058

Name of the Vulnerable Software and Affected Versions ALTICE LABS / SFR France GR140DG affected versions not specified ALTICE LABS / SFR France GR140IG affected versions not specified Description The traceroute diagnostic handler in the '/bin/httpd clientside' endpoint of the affected devices...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References8
cve
cve
added 2026/05/05 12:0 a.m.18 views

CVE-2026-31196

The vulnerability CVE-2026-31196 affects ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway. The traceroute diagnostic handler (/bin/httpd_clientside) unsafely inserts user-supplied destAddr input into a system() call, enabling authenticated remote attackers to execute arbitrar...

8.8CVSS5.9AI score0.01275EPSS
Exploits0References3
nvd
nvd
added 2026/04/12 11:16 p.m.4 views

CVE-2026-6131

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched...

10CVSS0.01823EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/12 12:0 a.m.11 views

PT-2026-32189

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A vulnerability exists in the Totolink A7100RU version 7.4cu.2313 b20191024. The setTracerouteCfg function within the /cgi-bin/cstecgi.cgi component CGI Handler is susceptible to OS...

10CVSS7.2AI score0.01823EPSS
Exploits0References10
packetstorm
packetstorm
added 2026/04/10 12:0 a.m.95 views

📄 D-Link DIR-650IN Command Injection

Proof of concept details for an authenticated command injection vulnerability in D-Link DIR-650IN. Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link:...

5.8AI score
Exploits0
Rows per page
Query Builder