Tenda AC18 Command Injection Vulnerability (CNVD-2025-02899)
The Tenda AC18 is a router from the Chinese company Tenda. Tenda AC18 version 15.03.05.19 suffers from a command injection vulnerability that stems from the usbName parameter of the formSetSambaConf function failing to properly filter special characters and commands used to construct commands. Th...
Tenda AC10 Command Injection Vulnerability
The Tenda AC10 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in Tenda AC10 version 16.03.10.20, which stems from the failure of the file /goform/telnet to properly filter special characters and commands used to construct commands. An attacker could use...
SonicWALL SMA1000 Code Issue Vulnerability
SonicWALL SMA1000 is a family of secure mobile access solutions from SonicWALL, Inc. that simplify end-to-end secure remote access to enterprise resources hosted across local, cloud and hybrid data centers. A security vulnerability exists in the SonicWALL SMA1000. An attacker exploiting this...
Fedora Repository fedoraIntCallUser default credentials and insecure archive extraction
RISK EVALUATION: Fedora Repository 3.8 includes default user credentials and allows path traversal when extracting uploaded archive files. An attacker can exploit these vulnerabilities to read sensitive data and execute arbitrary commands with the privileges of the Java web application server...
CVE-2025-20617
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in UD-LT2 firmware Ver.1.00.008SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen operation, an arbitrary ...
CVE-2025-23237
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in UD-LT2 firmware Ver.1.00.008SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed...
CVE-2024-57036
TOTOLINK A810R V4.1.2cu.5032B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request...
Linksys E8450 Security Vulnerability
The Linksys E8450 is an E-series wireless router from Linksys USA. A command injection vulnerability exists in the Linksys E8450 v1.2.00.360516, which stems from userEmail failing to properly filter special characters and commands used to construct commands. An attacker can exploit this...
CVE-2024-57036
CVE-2024-57036 applies to TOTOLINK A810R, specifically version 4.1.2cu.5032_B20200407. The vulnerability is a command insertion flaw in the downloadFile.cgi main function that allows an attacker to execute arbitrary commands by sending a crafted HTTP request. The reported CVSSv3.1 base score is 8...
Linksys E8450 OS Command Injection Vulnerability
The Linksys E8450 is a router from Linksys USA. A command injection vulnerability exists in the Linksys E8450 v1.2.00.360516, which stems from idemailcheckbtn failing to properly filter special characters and commands used to construct commands. An attacker can exploit this vulnerability to caus...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.2.9. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the database to access sensitive information...
TOTOLINK X5000R eHour Parameter Command Injection Vulnerability in setWiFiScheduleCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "eHour" parameter in setWiFiScheduleCfg failing to properly filter special characters and commands used to construct commands. This vulnerabili...
TOTOLINK X5000R setVpnAccountCfg function desc parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "desc" parameter in setVpnAccountCfg failing to properly filter special characters and commands used to construct commands. This vulnerabilit...
WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-08334)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that originates from the touchlistsync.cgi touchlistsync function failing to properly filter special characters and commands used to construct commands. An attacker could u...
WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-08332)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that stems from the qos.cgi qossta function failing to properly filter special characters and commands used to construct commands. The vulnerability can be exploited to execut...
WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-08325)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that originates from the failure of the restartweekvalue parameter of the login.cgi setsysinit function to correctly filter constructed command special characters,...
WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-09263)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that arises from the wireless.cgi AddMac function failing to properly filter special characters, commands, etc. used to construct commands. An attacker can exploit this...
TOTOLINK X5000R switch parameter command injection vulnerability in the setScheduleCfg function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the failure of the "switch" parameter in setScheduleCfg to correctly filter for constructor command special...