EUVD-2024-55349

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...

PT-2025-50974

Name of the Vulnerable Software and Affected Versions Atcom 100M IP Phones versions 2.7.x.x Description The software contains an authenticated command injection issue in the web configuration CGI script. This allows attackers to execute arbitrary system commands. The cmd parameter within the 'web...

CVE-2025-10093

A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgimain of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The explo...

PHP 'cgi_main.c' Out-of-Bounds Read Denial of Service Vulnerability

PHP is a popular programming language. An out-of-bounds read denial of service vulnerability exists in PHP 'cgimain.c', which can be exploited by a remote attacker to crash the application, resulting in a denial of service...