Design/Logic Flaw

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /webcste/cgi-bin/product.ini...

CVE-2022-43976

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p03.2.2.17p04.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication...

GE Grid Solutions MS3000 安全漏洞

GE Grid Solutions MS3000 is a transformer monitoring system from GE Grid Solutions, France. A security vulnerability exists in the GE Grid Solutions MS3000 versions prior to 3.7.6.25p03.2.2.17p04.7p0, which stems from the ability to directly access the API on TCP port 8888 without any...

www/awstats -- Partial absolute pathname

MITRE reports: It seems 90 is not completely fixed in 7.8. that is, even after CVE-2017-1000501 and CVE-2020-29600 are fixed. In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the...

CVE-2022-4257

A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...

Command injection

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi...

CVE-2022-41518

TOTOLINK NR1800X firmware 9.1.0u.6279_B20210910 is affected by CVE-2022-41518 due to a command injection in the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. The issue originates from inadequate input filtering of the FileName parameter, enabling arbitrary command execution. CVSS 3.1 base ...

CVE-2022-40475

TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi...

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution cve-20...

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution cve-20...

CVE-2022-36552

CVE-2022-36552 affects Tenda AC6 (AC1200) with v5.0 firmware

CVE-2022-32993

TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh...

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...

PT-2022-7699

Name of the Vulnerable Software and Affected Versions D-Link GO-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02 Description The issue is related to the hnap main function of the D-Link GO-RT-AC750 router's firmware, which fails to neutralize special elements used in an...

PT-2022-23447 · D Link · D-Link Go-Rt-Ac750

Name of the Vulnerable Software and Affected Versions: D-Link GO-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02 Description: The issue concerns an authentication bypass. It is related to the function phpcgi main in cgibin. Recommendations: For D-Link GO-RT-AC750 versi...

Cross site request forgery (csrf)

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request...

CVE-2022-2487

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument starthour leads to os command injection. The exploit has been disclosed to the public and may be us...

Command injection

A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used...

Command injection

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument starthour leads to os command injection. The exploit has been disclosed to the public and may be us...

CVE-2022-2486 WAVLINK WN535K2/WN535K3 os command injection

A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used...