CVE-2026-7683

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

PT-2026-35733

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub 414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2026-1326 Totolink NR1800X POST Request cstecgi.cgi setWanCfg command injection

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...

CVE-2025-56111

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for networksetwanconf in the file /usr/lib/lua/luci/controller/admin/netport.lua, whi...

CVE-2025-13551

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. Th...

EUVD-2019-7641

Malware in sbrugna...

CVE-2019-17222

An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service inability to change the configuration...

VulnCheck KEV: CVE-2024-7214

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched...

TP-LINK TL-WR841ND 安全漏洞

TP-LINK TL-WR841ND is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK TL-WR841ND V11 version, which originates from the dnsserver1 and dnsserver2 parameters of /userRpm/WanSlaacCfgRpm.htm contain a buffer overflow vulnerability...

TOTOLINK LR1200GB setWanCfg Function OS Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...

PT-2024-19623 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the hostName parameter in the setWanCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R version...

CVE-2023-4412

A vulnerability was found in TOTOLINK EX1200L ENV9.3.5u.6146B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

TOTOLINK EX1200L 操作系统命令注入漏洞

The TOTOLINK EX1200L is a wireless repeater from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK EX1200L ENV9.3.5u.6146B20201023 version, which stems from the setWanCfg function that could lead to a system command injection vulnerabili...

CVE-2023-27232

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg...

PT-2023-21015 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version V7.4cu.2313 B20191024 Description: A command injection issue was discovered via the upBw parameter at the "/setting/setWanIeCfg" API endpoint. This allows for potential exploitation. No information is provided about t...

CVE-2021-42627

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page...

CVE-2021-42627

D-Link DIR-615 devices running firmware 20.06 are affected by CVE-2021-42627. The WAN configuration page wan.htm can be accessed without authentication, enabling disclosure of WAN settings and potential modification of page data. The Nuclei template confirms unauthorized access and describes impa...

CVE-2022-35522

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: pppusername, ppppasswd, rwangateway, rwanmask and rwanip, which leads to command injection in page /wan.shtml...

CVE-2019-17222

An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service inability to change the configuration...