Lucene search
+L

577 matches found

CVE
CVE
added 2026/01/30 4:2 p.m.24 views

CVE-2026-1687

CVE-2026-1687 concerns Tenda HG10 devices with Boa Webserver, where an issue in the /boaform/formSamba handler allows remote command injection by manipulating the serverString argument. The vulnerability affects the Boa Webserver component and could enable an attacker to execute arbitrary command...

7.5CVSS5.7AI score0.026EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.10 views

Tenda HG10 command injection vulnerability

The Tenda HG10 is a fiber-optic router produced by the Chinese company Tenda. The Tenda HG10 USHG7HG9HG10re300001138enxpon has a command injection vulnerability. This vulnerability arises from an unknown function in the Boa Webserver component, which manipulates the parameter “serverString” in th...

7.5CVSS7.2AI score0.026EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.11 views

CVE-2021-33558

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not par...

7.5CVSS6.5AI score0.10329EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.6 views

CVE-2021-31577

In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID:...

9.8CVSS7.1AI score0.01147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.4 views

CVE-2023-50382

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This comman...

7.2CVSS7.9AI score0.01929EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.5 views

CVE-2023-50383

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This comman...

7.2CVSS7.9AI score0.01929EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.9 views

CVE-2023-49593

Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network request can lead to arbitrary command execution...

7.2CVSS7.3AI score0.01061EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/04 5:16 p.m.15 views

CVE-2025-34319

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...

9.3CVSS7.9AI score0.03962EPSS
Exploits0References1
NVD
NVD
added 2025/12/03 5:15 p.m.7 views

CVE-2025-34319

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...

9.3CVSS0.03962EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/03 4:49 p.m.4 views

CVE-2025-34319 TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...

9.3CVSS7.5AI score0.03962EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/03 4:49 p.m.29 views

CVE-2025-34319 TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...

9.3CVSS0.03962EPSS
Exploits0References3
CVE
CVE
added 2025/12/03 4:49 p.m.32 views

CVE-2025-34319

TOTOLINK N300RT devices with firmware older than V3.4.0-B20250430 are affected by an OS command injection in the Boa formWsc handling functionality (discovered in V2.1.8-B20201030.1539). The vulnerability allows an unauthenticated attacker to execute commands via the targetAPSsid request paramete...

9.3CVSS7.5AI score0.03962EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.6 views

TOTOLINK N300RT 操作系统命令注入漏洞

The TOTOLINK N300RT is an 802.11n-compliant wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK N300RT versions prior to V3.4.0-B20250430, which stems from an OS command injection in the Boa formWsc function, which could lead to the...

9.3CVSS7.6AI score0.03962EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48962

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...

9.3CVSS7.9AI score0.03962EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 8:46 p.m.2 views

Malicious code in ideological_boa_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 714ad6ff27ba1e87657ee3fc0af147a462296558f655912d15f1824116804661 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 7:31 a.m.2 views

EUVD-2025-78488

Malicious code in rattyboaz3n npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:31 a.m.3 views

Malicious code in mean_boa_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb448d8608ccc08755295635c30601bc08b266e096a18efcef7f0ab0a4ef544 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 5:18 a.m.2 views

EUVD-2025-65219

Malicious code in awkwardboaz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 4:25 a.m.2 views

EUVD-2025-86696

Malicious code in comparativeboaz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 12:41 a.m.1 views

EUVD-2025-55400

Malicious code in clumsy-jade-boa npm...

6.6AI score
Exploits0
Rows per page
Query Builder