CVE-2024-36258

A stack-based buffer overflow vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2024-34544

A command injection vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

WAVLINK AC3000 安全漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A cross-site scripting vulnerability exists in the WAVLINK AC3000, which stems from the lack of effective filtering and escaping of user-supplied data in the login.cgi setlangCountryCode function, for which no detailed vulnerability...

WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the firewall.cgi iptablesWebsFilterRun function failing to correctly filter constructor command special characters, commands,...

PT-2026-3432

Name of the Vulnerable Software and Affected Versions Totolink LR350 version 9.3.5u.6369 B20220309 Description A flaw exists in the Totolink LR350 device. This issue is located within the setDiagnosisCfg function of the /cgi-bin/cstecgi.cgi file, part of the POST Request Handler component...

CVE-2024-43660

The CGI script .sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High, but credentials required. Impact: Critical – The script can be used to download any file on the filesystem, including...

CVE-2024-43663

There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web...

CVE-2024-43660

The CVE-2024-43660 issue affects Iocharger AC model chargers running firmware before 24120701. A CGI script (.sh) can be abused to download arbitrary files from the device filesystem (e.g., /etc/shadow, script source, binaries, config files). Attack is network-exposed and can be executed with low...

CVE-2024-43663

CVE-2024-43663 describes buffer overflow vulnerabilities in several CGI binaries of Iocharger AC model charging stations. Affected firmware versions are before 24120701. Exploitation can occur over the network and may lead to remote code execution; the webserver may segfault and return 502, with ...

CVE-2024-43663 Buffer overflow vulnerabilities in CGI scripts lead to segfault

There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web...

CVE-2024-43662 Authenticated arbitrary file upload to /tmp/ and /tmp/upload/

The .exe or .exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderat...

CVE-2024-43663 Buffer overflow vulnerabilities in CGI scripts lead to segfault

There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web...

PT-2025-3384 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version V9.1.0cu.2350 B20230313 Description: The issue is related to the setVpnAccountCfg function, specifically the /web/cgi-bin/cstecgi.cgi endpoint, where the desc parameter is not properly sanitized, allowing an attacker t...

D-Link DIR-816 A2 安全漏洞

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2AdvanceSetup.cgi. An attacker can exploit this vulnerability to set the 2.4...

D-Link DIR-816 A2 安全漏洞

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...

PT-2025-49184

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.7 through 2.4.65 Description A flaw exists in Apache HTTP Server where a bypass of mod userdir+suexec is possible via the AllowOverride FileInfo functionality. Individuals with the ability to utilize the...

CVE-2024-12828

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...

CVE-2024-12828

CVE-2024-12828 affects Webmin CGI handling, where unsanitized user input in CGI requests leads to command injection and remote code execution in the root context. The issue arises from improper validation before executing system calls. Public sources (including NVD, OSV, CIRCL, and related adviso...

CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...

CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...