7632 matches found
CVE-2025-44862
TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44867
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44845
TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44836
TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44847
TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44843
TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44868
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the pingtest function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44872
Tenda AC9 V15.03.06.42multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44872
Tenda AC9 V15.03.06.42multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
The vulnerability of the telnet CLI service in NETGEAR’s integrated software routers FVS336Gv2 and FVS336Gv3 allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the telnet CLI service in NETGEAR’s integrated router software products like FVS336Gv2 and FVS336Gv3 exists due to the lack of measures to neutralize specific components. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges...
CVE-2025-44877
Tenda AC9 V15.03.06.42multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44877
CVE-2025-44877 affects Tenda AC9, specifically version 15.03.06.42_multi. The vulnerability is a command injection in the formSetSambaConf function triggered via the usbname parameter, allowing an attacker to execute arbitrary commands through a crafted request. The CVSS v3.1 base score is high (...
CVE-2025-44867
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44867
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44866
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44861
TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44863
TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the msgprocess function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44862
TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44861
TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44864
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...