341 matches found

Positive Technologies
added 2025/11/26 12:0 a.m. | 3 views

PT-2025-48115

Name of the Vulnerable Software and Affected Versions: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30 through 7000. Description: The software contains an unauthenticated OS Command Injection issue in the restore settings.php file. The /var/tdf/restore settings.php API...

CVSS 9.9 | AI score 7.8 | EPSS 0.02011
Exploits 1 | References 9

Patchstack
added 2025/11/20 9:10 a.m. | 5 views

WordPress W3 Total Cache plugin < 2.8.13 - Unauthenticated Command Injection vulnerability

Unauthenticated Command Injection vulnerability discovered by wcraft in WordPress Plugin W3 Total Cache versions 2.8.13...

CVSS 9 | AI score 7.3 | EPSS 0.19241
Exploits 1 | References 1 | Affected Software 1

CVE
added 2025/11/17 6:0 a.m. | 39 views

CVE-2025-9501

CVE-2025-9501 - W3 Total Cache (WordPress) : The vulnerability affects the WordPress W3 Total Cache plugin up to version 2.8.13. The root cause is a command injection in the _parse_dynamic_mfunc function that allows unauthenticated users to submit a malicious payload in a post comment to execute ...

CVSS 9 | AI score 7.5 | EPSS 0.19241
In wild | Exploits 1 | References 1

Vulnrichment
added 2025/11/17 6:0 a.m. | 4 views

CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

AI score 7.5 | EPSS 0.19241
Exploits 1 | References 1

RedhatCVE
added 2025/11/14 12:1 a.m. | 2 views

CVE-2025-60673

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands...

CVSS 6.5 | AI score 8.2 | EPSS 0.03489
Exploits 1 | References 1

RedhatCVE
added 2025/11/14 12:1 a.m. | 5 views

CVE-2025-60687

An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619B20230130 within the cstecgi.cgi binary sub41EC68 function. The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is the...

CVSS 6.5 | AI score 8.3 | EPSS 0.06203
Exploits 1 | References 1

NVD
added 2025/11/13 4:15 p.m. | 9 views

CVE-2025-60689

An unauthenticated command injection vulnerability exists in the StartEPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wlant, wlssid, wlrate, ttcpnum, ttcpip, ttcpsize are concatenated in...

CVSS 5.4 | EPSS 0.08842
Exploits 1 | References 3

CNNVD
added 2025/11/13 12:0 a.m. | 2 views

Linksys E1200 Security Vulnerability

The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...

CVSS 5.4 | AI score 8 | EPSS 0.08842
Exploits 1 | References 4

CVE
added 2025/11/13 12:0 a.m. | 11 views

CVE-2025-60676

The CVE-2025-60676 entry concerns the D-Link DIR-878A1 router, firmware FW101B04.bin. Technical details across multiple connected sources confirm an unauthenticated command-injection in prog.cgi SetNetworkSettings, where IPAddress and SubnetMask are directly concatenated into shell commands execu...

CVSS 6.5 | AI score 8 | EPSS 0.03455
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2025/11/13 12:0 a.m. | 7 views

CVE-2025-60672

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...

EPSS 0.03589
Exploits 1 | References 4

CVE
added 2025/11/13 12:0 a.m. | 12 views

CVE-2025-60673

CVE-2025-60673 describes an unauthenticated command-injection vulnerability in the D-Link DIR-878A1 router, firmware FW101B04.bin. The flaw exists in SetDMZSettings where the IPAddress parameter in prog.cgi is stored in NVRAM and later used by librcm.so to build iptables commands executed via tws...

CVSS 6.5 | AI score 7.8 | EPSS 0.03489
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2025/11/13 12:0 a.m. | 4 views

CVE-2025-60676

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

AI score 8 | EPSS 0.03455
Exploits 1 | References 4

Positive Technologies
added 2025/11/13 12:0 a.m. | 6 views

PT-2025-46889

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

CVSS 6.5 | AI score 8.3 | EPSS 0.03455
Exploits 1 | References 8

Positive Technologies
added 2025/11/13 12:0 a.m. | 5 views

PT-2025-46857

An unauthenticated command injection vulnerability exists in the Start EPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200 v2.0.11.001 us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wl ant, wl ssid, wl rate, ttcp num, ttcp ip, ttcp size are...

AI score 8.5 | EPSS 0.08842
Exploits 1 | References 4

CNNVD
added 2025/11/13 12:0 a.m. | 3 views

TOTOLINK LR1200GB Security Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's TOTOLINK Electronics that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a command injection vulnerability that stems from the cstecgi.cgi binary file failing to properly filter...

CVSS 6.5 | AI score 7.3 | EPSS 0.06203
Exploits 1 | References 4

Japan Vulnerability Notes
added 2025/11/07 5:55 a.m. | 3 views

CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to OS command injection

Overview: CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain the following vulnerability: OS command injection (CWE-78) - CVE-2025-11546. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under...

CVSS 9.8 | AI score 7.4 | EPSS 0.00401
Exploits 0 | References 4

Cvelist
added 2025/11/07 1:9 a.m. | 6 views

CVE-2025-11546

CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 allows an attacker sends...

CVSS 9.3 | EPSS 0.00401
Exploits 0 | References 1

Vulnrichment
added 2025/11/06 7:58 p.m. | 6 views

CVE-2022-50596 D-Link DIR-1260 <= v1.20B05 GetDeviceSettings Unauthenticated Command Injection

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within...

CVSS 9.3 | AI score 7.6 | EPSS 0.03562
Exploits 0 | References 3

RedhatCVE
added 2025/10/23 3:13 p.m. | 6 views

CVE-2016-15048

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVSS 10 | AI score 8.2 | EPSS 0.07163
Exploits 2 | References 1

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2016-10793

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVSS 10 | AI score 7.7 | EPSS 0.07163
Exploits 2 | References 6