CVE-2026-7675

CVE-2026-7675 affects Shenzhen Libituo Technology LBT-T300-HW1 devices older than or equal to 1.2.8. The vulnerability is in the function start_lan of the file /apply.cgi , where manipulation of the argument Channel/ApCliSsid leads to a buffer overflow . The issue is exploitable remotely, and pub...

CVE-2026-7675 Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...

EUVD-2018-10951

Malware in sbrugna...

EUVD-2019-4682

Malware in sbrugna...

EUVD-2020-6238

Malware in sbrugna...

EUVD-2025-29982

Malicious code in bioql PyPI...

PT-2025-38321

Name of the Vulnerable Software and Affected Versions D-Link DIR-825 versions up to 2.10 Description A security flaw exists in D-Link DIR-825 up to version 2.10. The vulnerability is located in the apply.cgi file, specifically within the sub 4106d4 function. Manipulation of the countdown time...

CVE-2013-10062 Linksys Routers apply.cgi Path Traversal

A directory traversal vulnerability exists in Linksys router's web interface tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the nextpage POST parameter to access arbitrary files outside the...

CVE-2013-3307

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi pingip parameter on TCP port 52000...

CVE-2024-12856 Four-Faith Industrial Router adjust_sys_time OS Command Injection

The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...

CVE-2024-36728

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlansetting with a sufficiently long dns1 or dns 2 key...

The vulnerability in the `apply.cgi` interface of TRENDnet TEW-827DRU’s CGI microprogramming system allows a hacker to escalate their privileges and execute arbitrary commands.

The vulnerability in the apply.cgi interface of TRENDnet TEW-827DRU microprogramming software’s CGI interface is related to the failure to take measures to neutralize special elements used in the OS command when processing the usapps.d.username parameter. Exploiting this vulnerability allows a...

CVE-2024-28353

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smbadminname in the apply.cgi interface, thereby gaining root shell privileges...

PT-2024-2329 · Trendnet · Trendnet Tew-827Dru

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-827DRU router version 2.10B01 Description: The issue is related to a command injection vulnerability in the apply.cgi interface. An attacker can inject commands into the post request parameters usapps.@smb%d.username, potentially...

CVE-2023-47307

Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter...

CVE-2023-47307

Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter...

CVE-2023-39239

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary...

CVE-2020-14074

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kickbanwifimacallow with a sufficiently long qcawifi.wifi0vap0.maclist key...

TRENDnet TEW-827DRU Command Injection Vulnerability (CNVD-2019-21269)

The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnet TEW-827DRU using firmware prior to version 2.05B11. The vulnerability stems from a network system or product not properly filtering specific elements of...

CVE-2019-13154

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi exploitable with authentication via the TCP Ports To Open in Add Gaming Rule...