766 matches found

CNNVD
added 2024/01/07 12:00 a.m. · 3 views

TOTOLINK N350RT Security Vulnerability

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT version 9.3.5u.6139B20201216 suffers from a buffer overflow vulnerability that originates from the parameter v8 of the main function of the file /cgi-bin/cstecgi.cgi?action=login that fails to...

CVSS 8.8 · AI score 8.1 · EPSS 0.00903
Exploits: 1 · References: 4
OSV
added 2023/12/30 5:15 p.m. · 2 views

CVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi...

CVSS 9.8 · AI score 5.9 · EPSS 0.01689
Exploits: 1 · References: 2
NVD
added 2023/12/30 5:15 p.m. · 22 views

CVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi...

CVSS 9.8 · EPSS 0.01689
Exploits: 1 · References: 2
Cvelist
added 2023/12/30 12:00 a.m. · 22 views

CVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi...

AI score 9.9 · EPSS 0.01689
Exploits: 1 · References: 2
Prion
added 2023/12/25 6:15 a.m. · 20 views

Path traversal

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...

CVSS 4 · AI score 6.8 · EPSS 0.008
Exploits: 1 · References: 1 · Affected Software: 1
VulnCheck KEV
added 2023/11/15 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

CVSS 10 · AI score 7.6 · EPSS 0.82956
Exploits: 7 · References: 1
CVE
added 2023/10/25 12:00 a.m. · 44 views

CVE-2023-46396

Audimex 15.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in the /audimex/cgi-bin/wal.fcgi endpoint, exploitable via the company parameter in search filters. The issue is confirmed across multiple sources (CVE-2023-46396) with no public patch details in the provided documents. A pr...

CVSS 5.4 · AI score 5.3 · EPSS 0.00431
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2023/10/23 1:15 a.m. · 1 view

CVE-2023-5702

A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...

CVSS 6.5 · AI score 4.6
Exploits: 0 · References: 3
CNNVD
added 2023/10/23 12:00 a.m. · 1 view

Viessmann Vitogate Security Breach

Viessmann Vitogate is an intelligent control system from Viessmann. A security vulnerability exists in Viessmann Vitogate versions 300 through 2.1.3.0, which stems from the presence of some unknown functions in /cgi-bin/, resulting in a direct request...

CVSS 6.5 · AI score 6.8 · EPSS 0.14537
Exploits: 3 · References: 5
Positive Technologies
added 2023/10/22 12:00 a.m. · 2 views

PT-2023-32275 · Viessmann · Viessmann Vitogate 300

Name of the Vulnerable Software and Affected Versions: Viessmann Vitogate 300 versions up to 2.1.3.0
Description: A vulnerability was found in the Viessmann Vitogate 300, affecting some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been...

CVSS 6.5 · AI score 5.9 · EPSS 0.14537
Exploits: 3 · References: 7
OSV
added 2023/10/19 8:15 p.m. · 1 view

CVE-2023-43492

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication...

CVSS 9.8 · AI score 6.1 · EPSS 0.00876
Exploits: 1 · References: 2
NVD
added 2023/10/11 7:15 p.m. · 11 views

CVE-2023-44961

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...

CVSS 7.5 · AI score 7.7 · EPSS 0.01099
Exploits: 1 · References: 1
Positive Technologies
added 2023/09/27 12:00 a.m. · 3 views

PT-2023-8216 · Zyxel · Zyxel Pmg2005-T20B

Name of the Vulnerable Software and Affected Versions: ZyXel PMG2005-T20B firmware version V1.00ABNK.2b11 C0
Description: The issue is related to a buffer overflow vulnerability in the cgi-bin/login.asp component of the ZyXel PMG2005-T20B firmware. This vulnerability can be exploited by a remote...

CVSS 7.8 · AI score 7.8 · EPSS 0.00655
Exploits: 0 · References: 8
ATTACKERKB
added 2023/09/14 10:15 p.m. · 2 views

CVE-2023-39638

D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbcsystem function at /htdocs/cgibin...

CVSS 9.8 · AI score 5.8 · EPSS 0.0302
Exploits: 1 · References: 4
CNNVD
added 2023/07/31 12:00 a.m. · 26 views

Ruijie Networks Product Code Injection Vulnerability

Ruijie Networks Product is a series of Ruijie wireless products from China-based Ruijie Networks. A security vulnerability exists in the Ruijie Networks Product that originates from an API privilege that allows a remote attacker to escalate via a POST request to /cgi-bin/luci/ and affects the...

CVSS 9.8 · AI score 8.4 · EPSS 0.01523
Exploits: 0 · References: 2
ATTACKERKB
added 2023/07/17 3:15 p.m. · 2 views

CVE-2023-31853

Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...

CVSS 6.1 · AI score 5.7 · EPSS 0.00432
Exploits: 2 · References: 3
Prion
added 2023/07/17 3:15 p.m. · 15 views

Cross site scripting

Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...

CVSS 5.8 · AI score 6 · EPSS 0.00432
Exploits: 2 · References: 2 · Affected Software: 1
CVE
added 2023/07/17 12:00 a.m. · 36 views

CVE-2023-31852

CVE-2023-31852 affects Cudy LT400 firmware 1.13.4. The issue is a Cross Site Scripting (XSS) vulnerability in the web interface at cgi-bin/luci/admin/network/wireless/config, exploitable via the iface parameter. Connected documents confirm the affected product/version and the vulnerable parameter...

CVSS 6.1 · AI score 6 · EPSS 0.00603
Exploits: 2 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/06/23 12:00 a.m. · 2 views

PT-2023-24503 · Wavlink · Wavlink Wn579X3

Name of the Vulnerable Software and Affected Versions: Wavlink WN579X3 versions up to 20230615
Description: A critical issue has been discovered, affecting an unknown function of the /cgi-bin/adm.cgi file in the Ping Test component. The manipulation of the pingIp argument leads to injection. This...

CVSS 9.8 · AI score 5.4 · EPSS 0.03606
Exploits: 1 · References: 4
ATTACKERKB
added 2023/06/22 11:15 a.m. · 1 view

CVE-2023-29709

An issue was discovered in /cgi-bin/loginrj.cgi in Wildix WSG24POE version 103SP7D190822 that allows attackers to bypass authentication...

CVSS 7.5 · AI score 7.1 · EPSS 0.00627
Exploits: 1 · References: 3