Lucene search
766 matches found

ATTACKERKB
added 2023/06/22 11:15 a.m. | 1 view

CVE-2023-29709

An issue was discovered in /cgi-bin/loginrj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication...

CVSS 7.5 | AI score 7.1 | EPSS 0.00627
Exploits: 1 | References: 3

Prion
added 2023/06/22 11:15 a.m. | 14 views

Design/Logic Flaw

An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload...

CVSS 5 | AI score 7.4 | EPSS 0.13855
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2023/06/22 12:0 a.m. | 2 views

Atlassian Wildix WSG24POE Security Vulnerability

The Atlassian Wildix WSG24POE is a networking device from Atlassian Australia. A security vulnerability exists in the Atlassian Wildix WSG24POE version 103SP7D190822, which originates from a security issue in cgi-bin/loginrj.cgi that allows an attacker to bypass authentication...

CVSS 7.5 | AI score 7.3 | EPSS 0.00627
Exploits: 1 | References: 3

Positive Technologies
added 2023/06/22 12:0 a.m. | 4 views

PT-2023-22364 · Wavlink · Wavlink Wavrouter

Name of the Vulnerable Software and Affected Versions: WavLink WavRouter version RPT70HA1.x Description: An issue was discovered in "/cgi-bin/adm.cgi" that allows attackers to force a factory reset via a crafted payload. Recommendations: For WavLink WavRouter version RPT70HA1.x, as a temporary...

CVSS 7.5 | AI score 6.5 | EPSS 0.13855
Exploits: 1 | References: 5

OSV
added 2023/05/18 2:15 a.m. | 2 views

CVE-2023-31729

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi...

CVSS 9.8 | AI score 7.3 | EPSS 0.01778
Exploits: 0 | References: 3

NVD
added 2023/05/18 2:15 a.m. | 11 views

CVE-2023-31729

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi...

CVSS 9.8 | AI score 9.7 | EPSS 0.01778
Exploits: 0 | References: 3

Cvelist
added 2023/05/18 12:0 a.m. | 14 views

CVE-2023-31729

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi...

AI score 9.9 | EPSS 0.01778
Exploits: 0 | References: 3

OSV
added 2023/05/04 5:15 p.m. | 2 views

CVE-2023-2520

A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049202303031001 and classified as critical. This issue affects some unknown processing of the file cgi-bin/toolsping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection...

CVSS 9.8 | AI score 5.6 | EPSS 0.02634
Exploits: 0 | References: 3

CVE
added 2023/05/04 4:31 p.m. | 44 views

CVE-2023-2520

Caton Prime 2.1.2.51.e8d7225049(202303031001) contains a command injection in the Ping Handler, via manipulation of the Destination argument in cgi-bin/tools_ping.cgi?action=Command. This allows remote exploitation and affects the Ping Handler component; impact is high (as per CVE-2023-2520). No ...

CVSS 9.8 | AI score 9.7 | EPSS 0.02634
Exploits: 0 | References: 3 | Affected Software: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 24 views

D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue...

CVSS 7.5 | AI score 7.4 | EPSS 0.00931
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 32 views

D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage...

CVSS 8.8 | AI score 7.4 | EPSS 0.01101
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 23 views

D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsin...

CVSS 8.8 | AI score 7.4 | EPSS 0.01101
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 22 views

D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue...

CVSS 8.8 | AI score 7.3 | EPSS 0.01038
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 24 views

D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing t...

CVSS 8.8 | AI score 7.4 | EPSS 0.01155
Exploits: 0 | References: 1

Cvelist
added 2023/04/16 12:0 a.m. | 37 views

CVE-2022-38840

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...

AI score 7.5 | EPSS 0.09803
Exploits: 4 | References: 2

Packet Storm
added 2023/04/10 12:0 a.m. | 255 views

Schneider Electric 1.0 Insecure Direct Object Reference

Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication Google Dork: inurl:/scada-vis Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: https://www.se.com/ Version: all-versions Tested on: Windows/Linux/Android Attacker can using these dorks and...

AI score 6.8
Exploits: 0

Exploit DB
added 2023/04/07 12:0 a.m. | 221 views

Schneider Electric v1.0 - Directory traversal & Broken Authentication

Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication Google Dork: inurl:/scada-vis Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: https://www.se.com/ Version: all-versions Tested on: Windows/Linux/Android Attacker can using these dorks and...

AI score 7.4
Exploits: 0

CNNVD
added 2023/03/23 12:0 a.m. | 2 views

TOTOLINK A7100RU Command Injection Vulnerability

The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A7100RU suffers from a command injection vulnerability that stems from the enabled parameter of cgi-bin/cstecgi.cgi failing to properly filter constructed command special characters, commands, etc., whi...

CVSS 9.8 | AI score 8.2 | EPSS 0.02047
Exploits: 1 | References: 2

Prion
added 2023/02/27 2:16 a.m. | 12 views

Code injection

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wirelessmft ap field...

CVSS 5.8 | AI score 7.4 | EPSS 0.38722
Exploits: 5 | References: 3

SUSE CVE
added 2023/02/15 5:47 a.m. | 3 views

SUSE CVE-2012-2104

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...

CVSS 6.8 | AI score 7.7 | EPSS 0.05084
Exploits: 1 | References: 3