262 matches found
CVE-2026-36606
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...
CVE-2026-36606
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...
ZTE H298A / H108N - Unauthenticated Credential Exposure
Exploit Title: ZTE H298A / H108N - Unauthenticated Credential Exposure via ETHCheat Parameter Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link:...
📄 ZTE ZXHN H168N 3.6 Credential Leak / Admin Compromise
ZTE ZXHN H168N version 3.5 suffers from a password leak vulnerability that leads to full administrative compromise. Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential Leak to Full Admin Compromise Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2021-21735 Vendor: ZT...
CVE-2026-8188
A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2026-8188
A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2026-8188
The CVE-2026-8188 entries describe a vulnerability in Wavlink NU516U1 M16U1_V240425 where the change_wifi_password function in /cgi-bin/adm.cgi is exploitable via OS command injection. The issue stems from manipulating input parameters wl_channel, wl_Pass, or EncrypType, enabling remote execution...
CVE-2026-8188 Wavlink NU516U1 adm.cgi change_wifi_password os command injection
A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...
EUVD-2026-28915
A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2026-8188 Wavlink NU516U1 adm.cgi change_wifi_password os command injection
A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2026-8188
A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...
Wavlink NU516U1 命令注入漏洞
Wavlink NU516U1 is a wireless print server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability arises from the handling of parameters wlchannel/wlPass/EncrypType in the changewifipassword function located in the...
PT-2026-39336
A vulnerability has been found in Wavlink NU516U1 M16U1 V240425. Affected is the function change wifi password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl channel/wl Pass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit ha...
Linux Distros Unpatched Vulnerability : CVE-2025-14551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report t...
CVE-2025-14551
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...
CVE-2025-14551
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...
CVE-2025-14551
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...
UBUNTU-CVE-2025-14551
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...
CVE-2025-14551 Senstive information disclosure was affecting subiquity
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...
CVE-2025-14551
In Ubuntu, Subiquity version 24.04.4 is described across multiple sources as capable of leaking sensitive user credentials (e.g., plaintext Wi‑Fi passwords) into crash-report logs when a bug report is submitted to Launchpad during installation failures. The issue affects the Subiquity installer o...