EUVD-2019-19736

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and netwo...

CVE-2019-25465 Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and netwo...

CVE-2019-25465

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and netwo...

Hisilicon HiIpcam 安全漏洞

Hisilicon HiIpcam is an IP camera produced by Hisilicon Corporation. The Hisilicon HiIpcam V100R003 version has a security vulnerability. This vulnerability stems from directory traversal in the cgi-bin directory, which may allow unverified attackers to access sensitive configuration files...

CVE-2026-30140

The CVE-2026-30140 entry describes an authentication-and-access-control flaw in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the device configuration, exposing plaintext administrator credentials and enabling potent...

CVE-2026-3696

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

CVE-2026-3696 Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

WAVLINK WL-NU516U1 命令注入漏洞

WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The version 240425 of WAVLINK WL-NU516U1 has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “model” in the file /cgi-bin/adm.cgi, which may lead to command injecti...

Advantech WISE-6610 OS Command Injection Vulnerability

Advantech WISE-6610 is a core gateway device from Advantech, Taiwan, China. The Advantech WISE-6610 suffers from an operating system command injection vulnerability that originates from a misuse of the parameter deletefile in the file /cgi-bin/luci/admin/openvpnapply, which can be exploited by an...

CVE-2026-2944

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack ma...

CVE-2026-2930

A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. Th...

EUVD-2026-6128

A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/toseidatasend.php. Executing a manipulation of the argument adrtxt1 can lead to command injection. It is possible to launch the attack remotely. The exploit has been published an...

CVE-2026-2527

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

PT-2026-8298

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A command injection issue exists in Wavlink WL-WN579A3. The issue is located in the multi ssid function within the /cgi-bin/wireless.cgi file. Manipulating the SSID2G2 argument can lead to...

CVE-2026-2167

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

CVE-2026-2148

A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2026-2167

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

TOTOLINK WA300 操作系统命令注入漏洞

TOTOLINK WA300 is a wireless access point from China Gion Electronics TOTOLINK. The TOTOLINK WA300 suffers from an operating system command injection vulnerability that originates from the parameter Ipaddr in the file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special...

CVE-2026-1623 Totolink A7000R cstecgi.cgi setUpgradeFW command injection

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

EUVD-2026-4972

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...