The vulnerability of CGI microprogramming software for network devices such as Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN allows a hacker to cause service interruptions.

The vulnerability of CGI microprogramming software for network devices such as Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to cause service interruptions by sending a...

D-Link多款产品 安全漏洞

D-Link DI-7003G and others are a wireless router from China-based AUO D-Link. A security vulnerability exists in various D-Link products. An attacker can exploit the vulnerability to achieve arbitrary command execution by sending a specially crafted string to the CGI function responsible for...

TOTOLINK AC1200 安全漏洞

TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the parameter desc in the file /cgi-bin/cstecgi.cgi that can cause a buffer overflow. An attacker can exploit this vulnerabilit...

CVE-2024-7909

A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be...

Tosei Online Store Management System 命令注入漏洞

Tosei Online Store Management System is an online store management system from Tosei Corporation. A command injection vulnerability exists in Tosei Online Store Management System versions 4.02, 4.03, and 4.04, which stems from the parameter kikaibangou in the file /cgi-bin/toseikikai.php that can...

PT-2024-6509 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is related to an OS command injection vulnerability in the setModifyVpnUser function, located in the /cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by...

CVE-2024-42747

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...

CVE-2024-7186

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely...

The vulnerability in the implementation of the export-cgi and fileUpload-cgi scripts allows a hacker to circumvent security restrictions and execute arbitrary code. This vulnerability affects the backup and configuration restoration functions of the Zyxel NAS326 and Zyxel NAS542 network storage devices.

The vulnerability of the export-cgi and fileupload-cgi implementations of the backup and configuration restoration functions for Zyxel NAS326 and Zyxel NAS542 network storage devices is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to bypass...

CVE-2024-38896

CVE-2024-38896 affects WAVLINK WN551K1 routers. The vulnerability is a command injection in the start_hour parameter of /cgi-bin/nightled.cgi. According to the records, the CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, with a base score of 5.3 (Medium). Impact is limited to con...

Exploit for OS Command Injection in Php

PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI...

Oracle Linux 9 : ruby:3.1 (ELSA-2024-3668)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3668 advisory. ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE...

CVE-2024-36729

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizardipv6 with a sufficiently long reboottype key...

CVE-2023-51621

D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability

Talos Vulnerability Report TALOS-2023-1866 Peplink Smart Reader web interface /cgi-bin/uploadconfig.cgi data integrity vulnerability April 17, 2024 CVE Number CVE-2023-45744 SUMMARY A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart...

CVE-2024-1001

A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the...

PT-2024-1320 · Totolink · Totolink N200Re

Name of the Vulnerable Software and Affected Versions: Totolink N200RE version 9.3.5u.6139 B20201216 Description: A critical vulnerability has been found, affecting the main function of the /cgi-bin/cstecgi.cgi file. This issue leads to a stack-based buffer overflow, which can be exploited...

TOTOLINK LR1200GB 操作系统命令注入漏洞

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...

Command injection

A vulnerability was found in Totolink X5000R 9.1.0cu.2300B20230112. It has been rated as critical. This issue affects the function...

Important: ruby

Issue Overview: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. CVE-2021-33621 Affected Packages:...