9786 matches found
CVE-2024-57049
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the request, it will be recognized as passing...
CVE-2024-57050
...
PT-2025-6736
Name of the Vulnerable Software and Affected Versions: TP-Link Archer C20 router versions V6.6 230412 and earlier Description: A vulnerability in the TP-Link Archer C20 router permits unauthorized individuals to bypass the authentication of some interfaces under the /CGI directory. By adding a...
PT-2025-6737 · Tp Link · Tp-Link Wr840N V6
Name of the Vulnerable Software and Affected Versions: TP-Link WR840N versions 0.9.1 4.16 and earlier Description: The issue is related to a lack of proper authentication procedure in the TP-Link WR840N router's firmware, allowing unauthorized individuals to bypass security restrictions. This can...
CVE-2024-57049
CVE-2024-57049 affects the TP-Link Archer C20 router (firmware versions up to V6.6_230412 and earlier). The vulnerability allows unauthenticated access to certain interfaces under the /cgi directory by including a Referer header with the value http://tplinkwifi.net, which the device erroneously t...
CVE-2021-46686
CVE-2021-46686 affects acmailer CGI (versions ≤ 4.0.3) and acmailer DB (versions ≤ 1.1.5). The issue is an OS command injection (CWE-78) due to improper neutralization of special elements in OS command handling, allowing an attacker to execute arbitrary commands on the affected system. Affected p...
CVE-2021-46686
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker...
CVE-2025-1340
A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...
acmailer CGI and acmailer DB vulnerable to OS command injection
Overview: acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability (CWE-78). Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...
SUSE CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
SUSE CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...
JVN#96957439: acmailer CGI and acmailer DB vulnerable to OS command injection
acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability (CWE-78). Impact: An arbitrary OS command may be executed by an attacker. Solution: Update the software. Update the software to the latest version according to the information provided by the...
CVE-2023-49780
Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product...
CVE-2023-49780
CVE-2023-49780 is a cross-site scripting vulnerability in acmailer CGI versions 4.0.5 and earlier. The issue allows an arbitrary script to run in the web browser of users who access the management page. Affected product: acmailer CGI supplied by Extra Innovation Inc. Root cause: reflected/stored ...
Extra Innovation acmailer CGI cross-site scripting vulnerability
Extra Innovation acmailer CGI is an email delivery CGI application from Extra Innovation, Inc. that can be used free of charge. A cross-site scripting vulnerability exists in Extra Innovation acmailer CGI version 4.0.5 and prior versions, which stems from the inclusion of a cross-site scriptin...
VulnCheck KEV: CVE-2024-2353
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...