CVE-2026-36828

A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...

TOTOLINK A3300R dhcpMtu Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R dhcpMtu parameter, which can be exploited by an attacker to execute arbitrary commands by sending a specially crafted request to /cgi-bin/cstecgi.cgi...

Exploit for CVE-2025-67159

CVE-2025-67159 — Vatilon-based IP Cameras Summary Vatilon-...

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

CVE-2025-63218

The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

Axel WOLF1MS和Axel WOLF2MS 安全漏洞

Axel WOLF1MS and Axel WOLF2MS are both FM network monitoring devices from Axel Italy. A security vulnerability exists in Axel WOLF1MS and Axel WOLF2MS versions 0.8.5 through 1.0.3, which stems from a lack of authentication in the /cgi-bin/gstFcgi.fcgi endpoint, and could lead to a complete crack ...

PT-2025-47469

The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...

CVE-2025-30040

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

CVE-2023-7308 SecGate3600 Firewall Information Disclosure via authManageSet.cgi

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...

Exploit for CVE-2024-11318

CVE-2024-11318 IDOR - AbsysNet 2.3.1 User Hijacking --- DI...

CVE-2023-32144 D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc COMMMakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this...

CVE-2023-32142

The CVE-2023-32142 issue affects D-Link DAP-1360 (and DAP-2020 variants in PT security listing) where the /cgi-bin/webproc endpoint processes the var:page parameter and, due to improper length validation, leads to a stack-based buffer overflow and remote code execution with root privileges. The v...

D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue...

D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsin...

PT-2022-7699

Name of the Vulnerable Software and Affected Versions D-Link GO-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02 Description The issue is related to the hnap main function of the D-Link GO-RT-AC750 router's firmware, which fails to neutralize special elements used in an...

Barco Control Room Cross-Site Scripting Vulnerability

Barco Control Room is a visualization and collaboration solution from Barco Belgium. Used to build control rooms, a cross-site scripting vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14. The vulnerability stems from the URL parameter of the...

CVE-2022-26972

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS...

CVE-2022-26972

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS...