TOTOLINK X5000R eMinute Parameter Command Injection Vulnerability in setWiFiScheduleCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "eMinute" parameter in setWiFiScheduleCfg failing to properly filter constructed command special characters, commands, etc. The vulnerability can ...
TOTOLINK X5000R setWiFiScheduleCfg function desc parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "desc" parameter in setWiFiScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabilit...
TOTOLINK X5000R setVpnAccountCfg function user parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "user" parameter in setVpnAccountCfg failing to properly filter constructed command special characters, commands, etc. This vulnerability...
WAVLINK AC3000 internet.cgi custom_interface parameter command injection vulnerability in set_add_routing function
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the failure of the custom_interface parameter of the internet.cgi set_add_routing function to correctly filter constructed comman...
Tenda AC18 Security Vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. Tenda AC18 version 15.03.05.19 suffers from a command injection vulnerability that stems from the usbName parameter of the formSetSambaConf function failing to correctly filter constructed command special characters, commands, etc. Th...
iocharger Command Injection Vulnerability
iocharger is an electric vehicle charging and smart energy management solution from the Chinese company Galaxy Zhangtan iocharger. iocharger suffers from a command injection vulnerability that stems from the application's failure to properly filter constructed command special characters, commands...
TOTOLINK X5000R Security Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "eMinute" parameter in setWiFiScheduleCfg failing to properly filter constructed command special characters, commands, etc. The vulnerability can ...
TOTOLINK X5000R Security Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "week" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...
TOTOLINK X5000R Security Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "sHour" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...
TOTOLINK X5000R Security Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability, which stems from the "desc" parameter in setVpnAccountCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabilit...
TOTOLINK X5000R Security Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "limit" parameter in setVpnAccountCfg failing to correctly filter constructed command special characters, commands,...
TOTOLINK X5000R Security Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "user" parameter in setVpnAccountCfg failing to properly filter constructed command special characters, commands, etc. This vulnerability...
TOTOLINK X5000R Security Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "minute" parameter in setScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerability...
CVE-2024-57479
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the MAC address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/we...
BIT-PHP-MIN-2024-1874 Command injection via array-ish $command parameter of proc_open()
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...
CVE-2024-39800
Multiple external config control vulnerabilities exist in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-39603
A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39359
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39280
An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...