CVE-2026-10180

TRENDnet TEW-432BRP firmware 3.10B20 is affected by CVE-2026-10180 in the formSysCmd function of /goform/formSysCmd, enabling remote command injection via manipulation of the sysCmd argument. The vulnerability status is tied to product EOL (since 2009) with the vendor stating they cannot replicat...

CVE-2026-7692

A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410221110. The affected element is the function pingddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. The exploit is now public and may ...

CVE-2026-7692

A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410221110. The affected element is the function pingddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. The exploit is now public and may ...

EUVD-2026-26829

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410221110. This issue affects the function setsysadm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-7690 Wavlink WL-WN570HA1 adm.cgi set_sys_adm command injection

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410221110. This issue affects the function setsysadm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-7690

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410221110. This issue affects the function setsysadm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-4184

CVE-2026-4184 affects D-Link DIR-816, firmware 1.10CNB05. The vulnerability lies in the goahead component, specifically the /goform/form2Wl5BasicSetup.cgi handler where manipulating the pskValue parameter triggers a stack-based buffer overflow. It is exploitable remotely and the exploit is public...

CVE-2025-13190

The CVE-2025-13190 entry describes a stack-based buffer overflow in D-Link DIR-816L (version 2_06_b09_beta) affecting the scandir_main function in /portal/__ajax_exporer.sgi. The en parameter can be manipulated to overflow the stack, enabling remote exploitation. Multiple connected sources (CNVD,...

EUVD-2022-51011

Malicious code in bioql PyPI...

EUVD-2024-53765

Malicious code in bioql PyPI...

CVE-2025-10628 D-Link DIR-852 Web Management hedwig.cgi command injection

A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2021-39613

D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products...

CVE-2025-2546

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper access controls. The attack needs to be approached within...

CVE-2023-36089

Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgimain in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2023-1162

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injectio...

CVE-2023-1009

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input...

CVE-2023-24098

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products...

PT-2023-19402 · Trendnet · Trendnet Wireless Ac Easy-Upgrader Tew-820Ap

Name of the Vulnerable Software and Affected Versions: TrendNet Wireless AC Easy-Upgrader TEW-820AP version 1.0R, firmware version 1.01.B01 Description: A stack overflow issue was discovered, allowing attackers to execute arbitrary code via a crafted payload. The issue is exploited through the...