CVE-2025-4271

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attac...

Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

Ubuntu: Security Advisory (USN-7442-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for OS Command Injection in Php

PHP-CGI Injector 🚀 CVE-2024-4577 & CVE-2024-8926 Exploit To...

CVE-2025-2097

CVE-2025-2097 affects TOTOLINK EX1800T (firmware 9.1.0cu.2112_B20220316). The vulnerability lies in the function setRptWizardCfg in /cgi-bin/cstecgi.cgi where manipulating the loginpass parameter causes a stack-based buffer overflow. Reports indicate the attack can be initiated remotely and that ...

CVE-2025-2095

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has...

Denial Of Service (DoS)

CGI is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of a length limit on raw cookie values in the CGI::Cookie.parse method, allowing excessively large cookies to consume system resources...

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution RCE flaw in the PHP-CGI implementation of PHP on Windows, to gai...

Regular Expression Denial Of Service (ReDoS)

CGI is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the UtilescapeElement method, allowing an attacker to cause denial of service through excessive backtracking with crafted input...

Regular Expression Denial of Service (ReDoS)

Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the UtilescapeElement method. An attacker can cause high CPU consumption by providing malicious input. Details Denial of Service...

VulnCheck KEV: CVE-2024-40890

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request...

D-Link DIR-816 A2 安全漏洞

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...

The vulnerability in the inetipv6.cgi web interface of the DrayTek Vigor router software allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software lies in the overflow of buffers on the stack during the processing of the sIpv6AiccuUser parameter. Exploiting this vulnerability allows a remote attacker to trigger a Denial-of-Service attack...

The vulnerability in the genie_fix2.cgi microprogramming software for Netgear XR300, R7000P, and R6400 v2 allows a hacker to execute arbitrary commands.

The vulnerability of the geniefix2.cgi microprogramming software for Netgear XR300, R7000P, and R6400 v2 lies in the lack of measures taken to neutralize special elements used in the operating system’s commands when processing the wangateway parameter. Exploiting this vulnerability allows a remot...

NETGEAR R7000P 安全漏洞

The NETGEAR R7000P is a wireless router from NETGEAR. A buffer overflow vulnerability exists in NETGEAR R7000P v1.3.3.154, which originates from the l2tpusernetmask parameter in the l2tp.cgi component that fails to correctly validate the length of the input data, and can be exploited by a remote...

Fedora: Security Advisory (FEDORA-2024-2b429e720e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the CGI function in D-Link router microprogramming devices such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 allows attackers to execute arbitrary commands.

The vulnerability of the CGI function in D-Link router microprogramming devices such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 lies in insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability of the CGI function in D-Link router microprogramming devices such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 allows attackers to execute arbitrary commands.

The vulnerability of the CGI function in D-Link router microprogramming devices such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this...

CVE-2024-46557

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

The vulnerability of CGI microprogramming software for network devices such as Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN allows a hacker to cause service interruptions.

The vulnerability of CGI microprogramming software for network devices such as Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to cause service interruptions by sending a...