577 matches found
CVE-2026-1687
CVE-2026-1687 concerns Tenda HG10 devices with Boa Webserver, where an issue in the /boaform/formSamba handler allows remote command injection by manipulating the serverString argument. The vulnerability affects the Boa Webserver component and could enable an attacker to execute arbitrary command...
Tenda HG10 command injection vulnerability
The Tenda HG10 is a fiber-optic router produced by the Chinese company Tenda. The Tenda HG10 USHG7HG9HG10re300001138enxpon has a command injection vulnerability. This vulnerability arises from an unknown function in the Boa Webserver component, which manipulates the parameter “serverString” in th...
CVE-2021-33558
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not par...
CVE-2021-31577
In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID:...
CVE-2023-50382
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This comman...
CVE-2023-50383
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This comman...
CVE-2023-49593
Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network request can lead to arbitrary command execution...
CVE-2025-34319
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...
CVE-2025-34319
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...
CVE-2025-34319 TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...
CVE-2025-34319 TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...
CVE-2025-34319
TOTOLINK N300RT devices with firmware older than V3.4.0-B20250430 are affected by an OS command injection in the Boa formWsc handling functionality (discovered in V2.1.8-B20201030.1539). The vulnerability allows an unauthenticated attacker to execute commands via the targetAPSsid request paramete...
TOTOLINK N300RT 操作系统命令注入漏洞
The TOTOLINK N300RT is an 802.11n-compliant wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK N300RT versions prior to V3.4.0-B20250430, which stems from an OS command injection in the Boa formWsc function, which could lead to the...
PT-2025-48962
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...
Malicious code in ideological_boa_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 714ad6ff27ba1e87657ee3fc0af147a462296558f655912d15f1824116804661 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-78488
Malicious code in rattyboaz3n npm...
Malicious code in mean_boa_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb448d8608ccc08755295635c30601bc08b266e096a18efcef7f0ab0a4ef544 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-65219
Malicious code in awkwardboaz3n npm...
EUVD-2025-86696
Malicious code in comparativeboaz3n npm...
EUVD-2025-55400
Malicious code in clumsy-jade-boa npm...