WAVLINK WL-WN579A3 安全漏洞

WAVLINK WL-WN579A3 is a high performance dual-band wireless card from China RuiYin WAVLINK. The WAVLINK WL-WN579A3 suffers from a command injection vulnerability that originates from unfiltered input in the /cgi-bin/firewall.cgi component, which can be exploited by an attacker to submit a special...

CVE-2025-44882

A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input...

CVE-2025-44882

A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input...

CVE-2025-44880

A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input...

CVE-2025-44880

The CVE-2025-44880 entry concerns a command injection in the /cgi-bin/adm.cgi component of Wavlink WL-WN579A3 v1.0. A crafted input can trigger arbitrary command execution, with CVSS 3.1 base score 9.8 (Network, no user interaction, high impact to confidentiality, integrity, and availability). Af...

CVE-2025-44882

CVE-2025-44882 affects WAVLINK WL-WN579A3 v1.0 through the /cgi-bin/firewall.cgi endpoint. The flaw is a command injection via crafted input, enabling arbitrary command execution. Root cause: unfiltered input in firewall.cgi. Impact, per CVSS: Critical (NETWORK, no user interaction required, high...

CVE-2025-44881

CVE-2025-44881 describes a command-injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 caused by unfiltered input. Affected: Wavlink WL-WN579A3 (v1.0); vulnerable endpoint: /cgi-bin/qos.cgi; impact per sources indicates arbitrary command execution with network acc...

CVE-2025-44881

A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input...

The vulnerability of the Command Line Interface (CLI) of the Cisco Application Policy Infrastructure Controller allows a perpetrator to enhance their privileges and execute arbitrary commands.

The vulnerability of the Command Line Interface CLI of the Cisco Application Policy Infrastructure Controller management tool is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute...

The vulnerability of the Tenda RX2 Pro router’s microprogramming-based management service allows a hacker to execute arbitrary commands.

The vulnerability of the Tenda RX2 Pro router’s microprogrammed management service is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted UDP packets...

CVE-2025-32002

The CVE-2025-32002 issue affects I-O DATA HDL-T Series network attached storage with firmware 1.21 and earlier, where enabling the Remote Link3 function allows an unauthenticated remote attacker to execute arbitrary OS commands due to improper neutralization of OS command elements. Documented imp...

CVE-2025-46052

An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

I-O Data HDL-T 操作系统命令注入漏洞

I-O Data HDL-T is a series of network hard disks from I-O Data Japan. An operating system command injection vulnerability exists in I-O Data HDL-T versions 1.21 and earlier, which stems from OS command injection and could lead to the execution of arbitrary OS commands...

Tenda AC9 formsetUsbUnload Function Command Injection Vulnerability

Tenda AC9 is a wireless router from Tenda, a Chinese company. Tenda AC9 suffers from a command injection vulnerability, which arises from the deviceName parameter of the formsetUsbUnload function failing to correctly filter constructed command special characters, commands, etc. The vulnerability...

WAVLINK WL-WN530H4 Command Injection Vulnerability

WAVLINK WL-WN530H4 is a high-performance USB wireless card from China RuiYin WAVLINK that supports 802.11ac dual-band Wi-Fi. WAVLINK WL-WN530H4 suffers from a command injection vulnerability, which originates from the failure of the pingtest function in adm.cgi to correctly filter pingIp paramete...

NETGEAR RAX5 vif_enable function command injection vulnerability

The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability that originates from the iface parameter in the vifenable function failing to correctly filter constructed command special characters, commands, and so on. An attacker can exploit this...

NETGEAR RAX5 reset_wifi function command injection vulnerability

The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability, which stems from the devname parameter in the resetwifi function failing to correctly filter constructed command special characters, commands, etc. The vulnerability can be exploited t...

NETGEAR RAX5 apcli_cancel_wps function command injection vulnerability

The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability that stems from the failure of the ifname parameter in the apclicancelwps function to correctly filter constructed command special characters, commands, and so on. An attacker can explo...

D-Link DIR-600L wake_on_lan Function Command Injection Vulnerability

The D-Link DIR-600L is a wireless router from China's AUO D-Link. The D-Link DIR-600L suffers from a command injection vulnerability that stems from the wakeonlan function parameter host failing to correctly filter constructed command special characters, commands, etc. The vulnerability can be...

D-Link DIR-890L/DIR-806A1 Command Injection Vulnerability

D-Link DIR-890L and D-Link DIR-806A1 are both products of China's AUO D-Link.D-Link DIR-890L is a wireless router.D-Link DIR-806A1 is a dual-band wireless router that supports AC750 wireless rate and USB sharing function. The D-Link DIR-890L and D-Link DIR-806A1 suffer from a command injection...