Lucene search

35 matches found

ATTACKERKB
added 2026/03/22 9:58 a.m. · 1 views

CVE-2026-4544

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/loginpage can lead to cross site scripting. It is possible to launch the...

CVSS 4.8 · AI score 4.1 · EPSS 0.00059
Exploits: 1 · References: 7 · Affected Software: 1

OSV
added 2026/02/16 2:16 a.m. · 2 views

CVE-2026-2527

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

CVSS 9.8 · AI score 5.6 · EPSS 0.00412
Exploits: 1 · References: 4

RedhatCVE
added 2026/01/09 9:24 a.m. · 2 views

CVE-2023-40146

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...

CVSS 9.8 · AI score 7.4 · EPSS 0.0132
Exploits: 1 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-16521

Malware in sbrugna...

CVSS 8.8 · AI score 8.7 · EPSS 0.00365
Exploits: 5 · References: 6

NVD
added 2025/09/12 8:15 p.m. · 4 views

CVE-2025-10325

A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVSS 8.8 · EPSS 0.00936
Exploits: 1 · References: 5

CNNVD
added 2025/06/01 12:0 a.m. · 2 views

WAVLINK multiple products security vulnerability

WAVLINK is a router from China Ruiyin WAVLINK. It is a hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in several WAVLINK products, which originates from a buffer overflow in the parameter loginpage in the file...

CVSS 10 · AI score 9.7 · EPSS 0.00668
Exploits: 0 · References: 6

Metasploit
added 2025/04/18 6:54 p.m. · 317 views

System V Derived /bin/login Extraneous Arguments Buffer Overflow

This exploit connects to a system's modem over dialup and exploits a buffer overflow vulnerability in its System V derived /bin/login. The vulnerability is triggered by providing a large number of arguments. Module Options msf use exploit/solaris/dialup/manyargs msf exploitmanyargs show targets...

CVSS 10 · AI score 6.1 · EPSS 0.8726
Exploits: 27

OSV
added 2024/04/17 1:15 p.m. · 1 views

CVE-2023-40146

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...

CVSS 9.8 · AI score 5.9 · EPSS 0.02768
Exploits: 5 · References: 4

Positive Technologies
added 2024/04/17 12:0 a.m. · 3 views

PT-2024-12857 · Peplink · Peplink Smart Reader

Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0 Description: A privilege escalation issue exists in the /bin/login functionality. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can...

CVSS 9.8 · AI score 7.8 · EPSS 0.02768
Exploits: 5 · References: 26

Talos
added 2024/04/17 12:0 a.m. · 45 views

Peplink Smart Reader /bin/login privilege escalation vulnerability

Talos Vulnerability Report TALOS-2023-1868 Peplink Smart Reader /bin/login privilege escalation vulnerability April 17, 2024 CVE Number CVE-2023-40146 SUMMARY A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted...

CVSS 9.8 · AI score 6.8 · EPSS 0.02768
Exploits: 2

CNNVD
added 2024/01/07 12:0 a.m. · 1 views

TOTOLINK N350RT security vulnerability

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT version 9.3.5u.6139B20201216 suffers from a buffer overflow vulnerability that originates from the parameter v8 of the main function of the file /cgi-bin/cstecgi.cgi?action=login that fails to...

CVSS 8.8 · AI score 8.1 · EPSS 0.00084
Exploits: 1 · References: 4

Positive Technologies
added 2023/09/27 12:0 a.m. · 3 views

PT-2023-8216 · Zyxel · Zyxel Pmg2005-T20B

Name of the Vulnerable Software and Affected Versions: ZyXel PMG2005-T20B firmware version V1.00ABNK.2b11 C0 Description: The issue is related to a buffer overflow vulnerability in the cgi-bin/login.asp component of the ZyXel PMG2005-T20B firmware. This vulnerability can be exploited by a remote...

CVSS 7.8 · AI score 7.8 · EPSS 0.00218
Exploits: 0 · References: 8

CNNVD
added 2023/06/22 12:0 a.m. · 1 views

Atlassian Wildix WSG24POE security vulnerability

The Atlassian Wildix WSG24POE is a networking device from Atlassian Australia. A security vulnerability exists in the Atlassian Wildix WSG24POE version 103SP7D190822, which originates from a security issue in cgi-bin/loginrj.cgi that allows an attacker to bypass authentication...

CVSS 7.5 · AI score 7.3 · EPSS 0.00035
Exploits: 1 · References: 3

OSV
added 2019/03/21 4:1 p.m. · 3 views

CVE-2019-6967

AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF...

CVSS 8.8 · AI score 7.3
Exploits: 0 · References: 4

Tenable Nessus
added 2016/09/02 12:0 a.m. · 84 views

FreeBSD : openssh -- sshd -- remote valid user discovery and PAM /bin/login attack (adccefd1-7080-11e6-a2cb-c80aa9043978)

The OpenSSH project reports: sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari...

CVSS 7.8 · AI score 6.8 · EPSS 0.90046
Exploits: 12 · References: 4

Mageia
added 2016/08/31 3:32 p.m. · 64 views

Updated openssh packages fix security vulnerability

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVSS 7.8 · AI score 7.2 · EPSS 0.90046
Exploits: 17 · References: 4

FreeBSD
added 2016/08/01 12:0 a.m. · 104 views

openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

The OpenSSH project reports: sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari ...

CVSS 7.8 · AI score 7.2 · EPSS 0.90046
Exploits: 12 · References: 1

RedhatCVE
added 2015/10/30 9:37 a.m. · 12 views

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry...

CVSS 7.2 · AI score 7 · EPSS 0.00083
Exploits: 1 · References: 2

CNVD
added 2015/06/23 12:0 a.m. · 1 views

Multiple AirTies Air product stack buffer overflow vulnerability

Airties Air 6372 and others are wireless modem products from Airties Turkey. Multiple AirTies Air products contain a cgi-bin/login that fails to properly handle extra-long strings in the 'redirect' parameter, allowing remote attackers to exploit the vulnerability by submitting a special request...

CVSS 10 · AI score 7.2 · EPSS 0.77022
Exploits: 2 · References: 1

Prion
added 2015/06/19 2:59 p.m. · 9 views

Stack overflow

Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login...

CVSS 10 · AI score 8.8 · EPSS 0.77022
Exploits: 2 · References: 5 · Affected Software: 1