7632 matches found

Positive Technologies
added 2025/04/01 12:0 a.m. · 3 views

PT-2025-18653 · Totolink · Totolink Cpe Cp900

Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was discovered in the setUploadUserData function through the FileName parameter. This issue allows attackers to execute arbitrary commands via a manipulated...

CVSS 6.5 · AI score 7.9 · EPSS 0.00884
Exploits: 1 · References: 5
OSV
added 2025/03/31 9:15 p.m. · 2 views

CVE-2024-54807

In Netgear WNR854T 1.5.2 North America, the UPNP service is vulnerable to command injection in the function addmapexec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request f...

CVSS 9.8 · AI score 5.9 · EPSS 0.02336
Exploits: 1 · References: 1
NVD
added 2025/03/31 9:15 p.m. · 11 views

CVE-2024-54807

In Netgear WNR854T 1.5.2 North America, the UPNP service is vulnerable to command injection in the function addmapexec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request f...

CVSS 9.8 · EPSS 0.02336
Exploits: 1 · References: 1
OSV
added 2025/03/31 9:15 p.m. · 2 views

CVE-2024-54806

Netgear WNR854T 1.5.2 North America is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface...

CVSS 9.8 · AI score 5.9 · EPSS 0.00869
Exploits: 1 · References: 1
NVD
added 2025/03/31 9:15 p.m. · 11 views

CVE-2024-54806

Netgear WNR854T 1.5.2 North America is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface...

CVSS 9.8 · EPSS 0.00869
Exploits: 1 · References: 1
OSV
added 2025/03/31 3:15 p.m. · 3 views

CVE-2025-22941

A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands...

CVSS 9.8 · AI score 6 · EPSS 0.02098
Exploits: 1 · References: 2
CVE
added 2025/03/31 11:9 a.m. · 1009 views

CVE-2025-3022

CVE-2025-3022 concerns an OS command injection in E-Solutions E-Management. Multiple sources confirm the vulnerability is triggered via the client parameter to /data/apache/e-management/api/api3.php, allowing an attacker to execute arbitrary commands on the server. The CVE is rated critical (CVSS...

CVSS 9.3 · AI score 7.8 · EPSS 0.01085
Exploits: 0 · References: 1
Cvelist
added 2025/03/31 12:0 a.m. · 9 views

CVE-2024-54806

Netgear WNR854T 1.5.2 North America is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface...

EPSS 0.00869
Exploits: 1 · References: 1
Vulnrichment
added 2025/03/31 12:0 a.m. · 7 views

CVE-2024-54806

Netgear WNR854T 1.5.2 North America is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface...

AI score 7.6 · EPSS 0.00869
Exploits: 1 · References: 1
Vulnrichment
added 2025/03/31 12:0 a.m. · 8 views

CVE-2024-54807

In Netgear WNR854T 1.5.2 North America, the UPNP service is vulnerable to command injection in the function addmapexec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request f...

AI score 7.8 · EPSS 0.02336
Exploits: 1 · References: 1
Cvelist
added 2025/03/31 12:0 a.m. · 9 views

CVE-2024-54807

In Netgear WNR854T 1.5.2 North America, the UPNP service is vulnerable to command injection in the function addmapexec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request f...

EPSS 0.02336
Exploits: 1 · References: 1
CVE
added 2025/03/31 12:0 a.m. · 80 views

CVE-2024-54807

Netgear WNR854T (North America) firmware 1.5.2 is affected. The UPNP service’s addmap_exec function incorrectly parses the NewInternalClient parameter of the AddPortMapping SOAPAction and passes it to a system call without proper sanitization, enabling arbitrary command execution via WANIPConn1. ...

CVSS 9.8 · AI score 7.7 · EPSS 0.02336
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2025/03/31 12:0 a.m. · 80 views

CVE-2024-54806

Netgear WNR854T (firmware 1.5.2, North America) is affected by CVE-2024-54806 due to an Arbitrary command execution in cmd.cgi. The root cause, as described in CNVD/RH/NVD entries, is that cmd.cgi does not adequately filter constructed commands and characters, enabling an attacker to execute syst...

CVSS 9.8 · AI score 7.1 · EPSS 0.00869
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2025/03/31 12:0 a.m. · 3 views

NETGEAR WNR854T Security Vulnerability

The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the nvram parameter of the ppoepeermac function of the post.cgi file failing to correctly filter for constructed command special characters,...

CVSS 9.8 · AI score 7.4 · EPSS 0.01689
Exploits: 1 · References: 2
CNNVD
added 2025/03/31 12:0 a.m. · 3 views

Adtran 411 ONT Security Vulnerability

The Adtran 411 ONT is an optical network terminal ONT from Adtran, Inc. It is used to provide fiber-to-the-home FTTH services and support high-speed Internet access. A security vulnerability exists in the Adtran 411 ONT version L80.00.0011.M2, which originates from a command injection in the web...

CVSS 9.8 · AI score 7.6 · EPSS 0.02098
Exploits: 1 · References: 3
BDU FSTEC
added 2025/03/31 12:0 a.m. · 1 views

A vulnerability in the Dell Unity Operating Environment (Dell Unity OE) management and maintenance environment stems from a failure to neutralize special elements used in operating system commands. It allows attackers to escalate their privileges and execute arbitrary commands.

The vulnerability of the Dell Unity Operating Environment’s operating environment for data storage management and operation is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow attackers to enhance...

CVSS 7.8 · AI score 5.8 · EPSS 0.00524
Exploits: 0 · References: 2 · Affected Software: 2
IBM Security Bulletins
added 2025/03/28 10:0 p.m. · 5 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes kubelet (CVE-2024-10220)

Summary A vulnerability in Kubernetes kubelet that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-10220 DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper...

CVSS 8.1 · AI score 7.4 · EPSS 0.03001
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2025/03/28 8:35 a.m. · 10 views

CVE-2024-28041

HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command...

CVSS 8.8 · AI score 7.3 · EPSS 0.0062
Exploits: 0 · References: 1
Veracode
added 2025/03/28 2:34 a.m. · 3 views

Remote Code Execution (RCE)

litellm is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of the 'postcallrules' configuration, allowing an attacker to specify a system method as a callback, leading to arbitrary command execution...

CVSS 8.8 · AI score 8 · EPSS 0.01362
Exploits: 1 · References: 5 · Affected Software: 1
NVD
added 2025/03/28 2:15 a.m. · 17 views

CVE-2025-22398

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root...

CVSS 9.8 · EPSS 0.02079
Exploits: 0 · References: 1