12 matches found
EUVD-2022-38407
Malicious code in bioql PyPI...
CVE-2023-21410
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution...
CVE-2023-35193
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerabilit...
CVE-2023-35193
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerabilit...
CVE-2023-35193
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerabilit...
CVE-2023-35194
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerabilit...
CVE-2023-21410
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution...
CVE-2023-21410
CVE-2023-21410 affects the AXIS License Plate Verifier via the api.cgi endpoint, where user input is not sanitized, enabling arbitrary code execution. Public details (NVD) list a high-impact CVSSv3.1 score (base 8.8) with NETWORK attack vector, low attack complexity, and privileges required as lo...
CVE-2022-35520
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exists in cgi binary. This leads to command injection in page /ledonoff.shtml...
Command injection
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exists in cgi binary. This leads to command injection in page /ledonoff.shtml...
CVE-2022-35520
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exists in cgi binary. This leads to command injection in page /ledonoff.shtml...
CVE-2022-35520
CVE-2022-35520 affects WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 where the api.cgi component does not filter the hidden ufconf parameter, which exists in the CGI binary but not in POST data, enabling command injection on the /ledonoff.shtml page. Public references in the connected ...