
46 matches found

Positive Technologies
added 2026/06/08 12:0 a.m. · 7 views

PT-2026-47438

Name of the Vulnerable Software and Affected Versions: Tenda F451 versions 1.0.0.7 through 1.0.0.9. Description: A stack-based buffer overflow exists in the Web Management Interface. This issue occurs within the fromNatlimit function located in the /goform/Natlimit file. A remote attacker can trigge...

CVSS 9 · AI score 8.8 · EPSS 0.00092
Exploits 0 · References 12
RedhatCVE
added 2026/06/05 7:48 p.m. · 7 views

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

CVSS 7.5 · AI score 5.5 · EPSS 0.00073
Exploits 2 · References 1
Positive Technologies
added 2026/05/27 12:0 a.m. · 5 views

PT-2026-43474

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer...

CVSS 9 · AI score 6.2 · EPSS 0.00046
Exploits 0 · References 5
Cvelist
added 2026/05/26 12:30 p.m. · 38 views

CVE-2026-9543 Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection

A vulnerability has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. T...

CVSS 10 · EPSS 0.00287
Exploits 0 · References 5
Cvelist
added 2026/05/24 1:30 p.m. · 12 views

CVE-2026-9384 Totolink A8000RU Web Management cstecgi.cgi setDiagnosisCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

CVSS 10 · EPSS 0.01254
Exploits 0 · References 5
Vulnrichment
added 2026/05/12 7:18 p.m. · 6 views

CVE-2026-44872 Authenticated Arbitrary File Upload via Command Injection in AOS-8 AND AOS-10 Web-Based Management Interface

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device...

CVSS 7.2 · AI score 6 · EPSS 0.00298
Exploits 0 · References 1
NVD
added 2026/04/09 11:16 a.m. · 3 views

CVE-2024-1490

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...

CVSS 7.2 · EPSS 0.00104
Exploits 0 · References 2
CNNVD
added 2026/02/24 12:0 a.m. · 5 views

Binardat 10G08-0800GSM Security Feature Issue Vulnerability

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The previous versions of Binardat 10G08-0800GSM Network Switch V300SP10260209 had security feature vulnerabilities. These vulnerabilities stemmed from the use of the Web management interface to generate...

CVSS 9.3 · AI score 5.8 · EPSS 0.00046
Exploits 0 · References 2
RedhatCVE
added 2025/12/10 8:36 a.m. · 3 views

CVE-2025-41746

An XSS vulnerability in pxcportSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user into sending a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-lev...

CVSS 7.1 · AI score 6.3 · EPSS 0.00125
Exploits 0 · References 1
Cvelist
added 2025/12/09 8:9 a.m. · 28 views

CVE-2025-41748 Reflected XSS vulnerability in pxc_Dot1xCfg.php

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user into clicking on a link provided by the attacker in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level...

CVSS 7.1 · EPSS 0.00125
Exploits 0 · References 1
Cvelist
added 2025/10/30 12:0 a.m. · 6 views

CVE-2025-63422

Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request...

EPSS 0.0005
Exploits 1 · References 2
Positive Technologies
added 2025/10/14 12:0 a.m. · 3 views

PT-2025-41976

Name of the Vulnerable Software and Affected Versions: AOS-10 GW (affected versions not specified); AOS-8 Controller/Mobility Conductor (affected versions not specified). Description: An arbitrary file write issue exists in the web-based management interface. Successful exploitation could allow an...

CVSS 7.2 · AI score 7 · EPSS 0.00067
Exploits 0 · References 3
CNNVD
added 2025/09/10 12:0 a.m. · 2 views

ISC Stork Security Vulnerability

ISC Stork is a web management platform for the ISC organization. A security vulnerability exists in ISC Stork version 2.3.0 and earlier: a large amount of data sent by an unauthenticated user could lead to memory and disk usage issues...

CVSS 7.5 · AI score 6.5 · EPSS 0.00226
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 5:33 a.m. · 3 views

CVE-2014-2650

Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface...

CVSS 10 · AI score 7.7 · EPSS 0.04553
Exploits 0 · References 1
Positive Technologies
added 2025/01/15 12:0 a.m. · 4 views

PT-2025-5627 · Fortinet · Fortiproxy +2

Name of the Vulnerable Software and Affected Versions: FortiOS affected versions not specified FortiProxy affected versions not specified Description: A weakness in the web-based management interfaces of Fortinet Fortigate firewall devices allows attackers to gain administrator access to the...

CVSS 10 · AI score 6.4 · EPSS 0.19115
Exploits 1 · References 8
CNNVD
added 2024/11/05 12:0 a.m. · 5 views

Enel X Waybox Security Vulnerability

Enel X Waybox is a home charging station from Enel X, Inc. A security vulnerability exists in version 3.0 of the Enel X Waybox that stems from a request directed to the web management application that could result in a denial of service...

CVSS 6.5 · AI score 6.6 · EPSS 0.0014
Exploits 0 · References 1
Positive Technologies
added 2024/03/18 12:0 a.m. · 2 views

PT-2024-21073 · Avsystem · Avsystem Unified Management Platform

Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: An open redirect in the Login/Logout functionality of web management could allow attackers to redirect authenticated users to malicious websites. Recommendations:...

CVSS 5.4 · AI score 6.5 · EPSS 0.00084
Exploits 0 · References 5
Positive Technologies
added 2024/02/01 12:0 a.m. · 2 views

PT-2024-16239 · Gessler Gmbh · Web-Master

Name of the Vulnerable Software and Affected Versions: Gessler GmbH WEB-MASTER affected versions not specified Description: The issue concerns a restoration account in Gessler GmbH WEB-MASTER that utilizes weak, hard-coded credentials. If exploited, this could grant an attacker control over the...

CVSS 9.8 · AI score 9.2 · EPSS 0.00162
Exploits 0 · References 7
CNNVD
added 2023/10/04 12:0 a.m. · 3 views

Cisco Multiple Product Security Vulnerabilities

Cisco Unity Connection UC and others are products of Cisco USA. Cisco Unity Connection is a voice messaging platform. Cisco Unified Communications Manager CUCM, Unified CM. Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call processing component of a unified communications...

CVSS 8.6 · AI score 6.7 · EPSS 0.00165
Exploits 0 · References 2
BDU FSTEC
added 2023/09/21 12:0 a.m. · 2 views

The vulnerability of the MODULYS GP (MOD3GP-SY-120K) module-based power supply management web application allows an attacker to perform arbitrary actions.

The vulnerability of the MODULYS GP MOD3GP-SY-120K web-based management application relates to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...

CVSS 8.9 · AI score 7.6 · EPSS 0.00084
Exploits 0 · References 4 · Affected Software 1