20 matches found
CVE-2026-11504
The CVE-2026-11504 entry concerns Tenda CX12L firmware 16.03.53.12. The vulnerability exists in the Wi‑Fi Schedule Configuration Endpoint, specifically the setSchedWifi function in /goform/openSchedWifi. Crafting the schedStartTime or schedEndTime argument causes a stack‑based buffer overflow, en...
EUVD-2024-53493
Malicious code in bioql PyPI...
EUVD-2024-53497
Malicious code in bioql PyPI...
EUVD-2024-53496
Malicious code in bioql PyPI...
EUVD-2024-53498
Malicious code in bioql PyPI...
CVE-2024-57021
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg...
CVE-2024-57020
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg...
CVE-2024-57024
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg...
CVE-2024-57021
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg...
CVE-2024-57020
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg...
CVE-2024-57025
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg...
CVE-2024-57023
CVE-2024-57023 affects TOTOLINK X5000R (version 9.1.0cu.2350_B20230313). The issue is an OS command injection in the function setWiFiScheduleCfg, caused by improper filtering of special characters in the "week" parameter, enabling arbitrary command execution. Documented impact includes potential ...
CVE-2024-57024
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg...
CVE-2024-57021
CVE-2024-57021 affects TOTOLINK X5000R, firmware version V9.1.0cu.2350_B20230313. The vulnerability is an OS command injection in the router’s setWiFiScheduleCfg function, caused by inadequate filtering of the eHour parameter. Impact is arbitrary command execution with high severity (per linked C...
CVE-2024-57022
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg...
CVE-2024-57024
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg...
CVE-2024-57021
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg...
TOTOLINK X5000R 安全漏洞
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "desc" parameter in setWiFiScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabilit...
CVE-2024-57020
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg...
CVE-2024-57025
TOTOLINK X5000R (version 9.1.0cu.2350_B20230313) is affected by an OS command injection in the setWiFiScheduleCfg function, exploitable via the desc parameter. The issue stems from inadequate validation of command-related input, enabling arbitrary command execution. Several connected sources corr...