CVE-2026-34790 Endian Firewall /cgi-bin/backup.cgi remove ARCHIVE Directory Traversal

Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences,...

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation for the DATE...

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsopenvpn.cgi, and can be exploited by...

PT-2026-29767

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall REMARK parameter, which stems from improper handling of the REMARK parameter in /cgi-bin/openvpnclient.cgi, and can be exploited by an attacker to inject malicious...

PT-2026-29773

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

TRENDnet TEW-657BRM 操作系统命令注入漏洞

TRENDnet TEW-657BRM is a WiFi router produced by the TRENDnet company. The version 1.00.1 of Trendnet TEW-657BRM has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of parameters for the Edit function in the file /setup.cgi,...

PT-2026-29751

Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands via the DATE parameter to the '/cgi-bin/logs proxy.cgi' API endpoint. The DATE paramet...

CVE-2026-5312

CVE-2026-5312 affects D-Link DNS-1xx NAS models (e.g., DNS-120, DNS-320/320L/320LW/321, DNS-327L, DNS-1100-4, DNS-1550-04, among others) with the dsk_mgr.cgi Get_current_raidtype path. The vulnerability concerns the functions under /cgi-bin/dsk_mgr.cgi (including Get_Volume_Mapping, Get_current_r...

CVE-2026-5311 D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

CVE-2026-5177

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...

EUVD-2026-17689

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...

PT-2026-29599

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav...

EUVD-2026-17663

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

EUVD-2026-17613

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function...

CVE-2026-5213

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

CVE-2026-5215 D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...

CVE-2026-5214 D-Link DNS-1550-04 account_mgr.cgi cgi_addgroup_get_group_quota_minsize stack-based overflow

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...

CVE-2026-5213 D-Link DNS-1550-04 account_mgr.cgi cgi_adduser_to_session stack-based overflow

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

CVE-2026-5212

The CVE-2026-5212 entry maps to a concrete stack-based buffer overflow in D-Link devices, affecting the Webdav_Upload_File function in /cgi-bin/webdav_mgr.cgi. The vulnerability is triggered by manipulating the f_file argument and allows remote exploitation. Affected devices include D-Link DNS-12...