A vulnerability in RaspAP, Debian-based software for creating wireless routers, related to the lack of measures taken to clean data at the management level, allows a hacker to execute arbitrary commands.
The vulnerability in RaspAP, Debian-based software for creating wireless routers, is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted POST request with t...
CVE-2023-3991
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
Command injection
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2023-3991 OS command injection vulnerability in FreshTomato 2023.3
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2023-3991
CVE-2023-3991 is an OS command injection vulnerability in FreshTomato 2023.3, affecting the httpd iperfrun.cgi functionality. A specially crafted HTTP request can lead to arbitrary command execution with network access and no privileges required. Impact is described as total compromise of the aff...
CVE-2023-45158
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product...
PT-2023-12691 · Ibm · Ibm Security Verify Privilege On-Premises
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Privilege On-Premises version 11.5 Description: IBM Security Verify Privilege On-Premises could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...
Exploit for Improper Authentication in Fit2Cloud Jumpserver
BlackJump Chinese |...
The vulnerability of the software interface for centralized device management in Fortinet’s FortiManager, FortiAnalyzer network switches, and FortiADC application delivery controller allows a perpetrator to execute arbitrary commands.
The vulnerability of the software interface for centralized device management in Fortinet’s FortiManager, FortiAnalyzer network monitoring devices, and FortiADC application delivery controller is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allow...
The vulnerability of Fortinet FortiManager’s centralized device management system lies in the insufficient checking of arguments passed in commands, allowing an attacker to execute arbitrary commands or code.
The vulnerability of Fortinet FortiManager’s centralized device management system lies in insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands or code...
The vulnerability of the command-line interface of the Fortinet FortiManager device and the FortiAnalyzer network switch allows a perpetrator to execute arbitrary commands.
The vulnerability of the command-line interface of the Fortinet FortiManager device management system, as well as the FortiAnalyzer network switch, is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow attackers to execute arbitrary commands...
D-Link DAP-X1860 Code Execution Vulnerability
The D-Link DAP-X1860 is a wireless router from China-based AUO D-Link. The D-Link DAP-X1860 suffers from a code execution vulnerability that stems from an application's failure to properly filter special elements of constructed code segments. An attacker could exploit this vulnerability to execut...
Xiaomi Router Command Injection Vulnerability (CNVD-2025-06295)
Xiaomi router is a series of wireless routers from the Chinese company Xiaomi. Xiaomi Router suffers from a command injection vulnerability that stems from a failure to properly filter constructed command special characters. An attacker could exploit this vulnerability to execute arbitrary comman...
The vulnerability of the parsing_xml_stasurvey() function in the software of the D-Link DAP-X1860 Wi-Fi signal booster device allows an intruder to trigger a service failure and execute arbitrary commands.
The vulnerability of the parsingXMLstasurvey function in the D-Link DAP-X1860 Wi-Fi signal booster software is related to the absence of a firewall around the SSID identifier of the access point, due to the insertion or modification of arguments during implementation. Exploiting this vulnerabilit...
CVE-2023-24479
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
Authentication flaw
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-24479
Summary: CVE-2023-24479 affects the Yifan YF325 router’s httpd nvram.cgi endpoint. Talos confirms an authentication bypass vulnerability that lets an attacker craft a network request to trigger arbitrary command execution, including the ability to change admin credentials and gain root access. Af...
Yifan YF325 Authorization Issues Vulnerability
Yifan YF325 is a wireless router from Yifan. An authorization issue vulnerability exists in Yifan YF325 v1.020221108. An attacker can exploit this vulnerability to execute arbitrary commands...