328 matches found

RedhatCVE
added 2026/02/24 1:44 a.m. | 6 views

CVE-2025-69700

Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modifyaddclientprio function, which is reachable via the formSetClientPrio CGI handler...

CVSS 7.5 | AI score 5.8 | EPSS 0.03452
Exploits: 1 | References: 1

Cvelist
added 2026/02/24 12:0 a.m. | 17 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENTLENGTH environment variable and allocates memory using malloc CONTENTLENGTH + 1 without sufficient bounds checking. When lighttpd's request size limit is not enforce...

EPSS 0.00353
Exploits: 1 | References: 2

OSV
added 2026/02/23 2:16 p.m. | 4 views

CVE-2025-69700

Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modifyaddclientprio function, which is reachable via the formSetClientPrio CGI handler...

CVSS 7.5 | AI score 6.2 | EPSS 0.03452
Exploits: 1 | References: 1

NVD
added 2026/02/19 12:16 a.m. | 5 views

CVE-2026-2686

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/sessionlogin.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...

CVSS 10 | EPSS 0.02276
Exploits: 0 | References: 5

NVD
added 2026/02/16 6:19 p.m. | 8 views

CVE-2026-2566

A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmwareurl leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed...

CVSS 8.6 | EPSS 0.0047
Exploits: 0 | References: 4

CVE
added 2026/02/16 2:2 a.m. | 16 views

CVE-2026-2528

Summary: CVE-2026-2528 affects Wavlink WL-WN579A3 up to 20210219. The vulnerable component is the function Delete_Mac_list in /cgi-bin/wireless.cgi, where manipulating the delete_list argument enables command injection. Remote exploitation is possible and exploits are publicly available; vendor h...

CVSS 9.8 | AI score 6.3 | EPSS 0.05815
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/02/08 5:2 p.m. | 14 views

CVE-2026-2167

CVE-2026-2167 affects Totolink WA300 with firmware 5.2cu.7112_B20190227. The vulnerability lies in the setAPNetwork function in /cgi-bin/cstecgi.cgi, where unfiltered Ipaddr input enables OS command injection. Exploitation can be performed remotely and a public exploit exists. Multiple connected sou...

CVSS 8.8 | AI score 6.4 | EPSS 0.02062
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/02/03 4:15 a.m. | 4 views

CVE-2026-24936

When a specific function is enabled while joining an AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

CVSS 9.8 | AI score 6 | EPSS 0.00779
Exploits: 0 | References: 1

NVD
added 2026/02/03 4:15 a.m. | 8 views

CVE-2026-24936

When a specific function is enabled while joining an AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

CVSS 9.8 | EPSS 0.00779
Exploits: 0 | References: 1

Cvelist
added 2026/01/22 1:32 p.m. | 29 views

CVE-2026-1326 Totolink NR1800X POST Request cstecgi.cgi setWanCfg command injection

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...

CVSS 6.5 | EPSS 0.03212
Exploits: 1 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 8 : ruby:3.0 (AXSA:2024-8502:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8502:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability in Time...

CVSS 9.8 | AI score 7.3 | EPSS 0.02637
Exploits: 1 | References: 7

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 8 : ruby:3.1 (AXSA:2024-7629:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7629:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

CVSS 8.8 | AI score 8.3 | EPSS 0.02637
Exploits: 1 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : ruby:2.7 (AXSA:2023-6217:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6217:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability in Time...

CVSS 8.8 | AI score 7.4 | EPSS 0.02637
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 8 : ruby:2.5 (AXSA:2024-7342:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7342:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby: ReDoS...

CVSS 8.8 | AI score 8.4 | EPSS 0.0387
Exploits: 1 | References: 5

OSV
added 2026/01/19 7:16 a.m. | 6 views

CVE-2026-1143

A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made availab...

CVSS 8.7 | AI score 6.4 | EPSS 0.00655
Exploits: 1 | References: 5

Tenable Nessus
added 2026/01/14 12:0 a.m. | 8 views

MiracleLinux 3 : php-5.1.6-34.0.1.AXS3 (AXSA:2012-548:04)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-548:04 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...

CVSS 9.8 | AI score 9.2 | EPSS 0.99998
Exploits: 41 | References: 2

Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 8 : ruby:3.1 (AXSA:2025-9940:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9940:01 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace...

CVSS 7.5 | AI score 7.1 | EPSS 0.01493
Exploits: 0 | References: 8

RedhatCVE
added 2026/01/09 12:33 p.m. | 5 views

CVE-2023-31729

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi...

CVSS 9.8 | AI score 7.3 | EPSS 0.01778
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:42 a.m. | 7 views

CVE-1999-0148

The handler CGI program in IRIX allows arbitrary command execution...

CVSS 7.5 | AI score 7.2 | EPSS 0.10462
Exploits: 0 | References: 1

GithubExploit
added 2025/12/30 5:49 p.m. | 213 views

Exploit for OS Command Injection in Php

CVE-2024-4577 - PHP CGI Argument Injection Detection Lab A co...

CVSS 9.8 | AI score 5.9 | EPSS 0.99998
Exploits: 100