
9786 matches found

BDU FSTEC
added 2024/10/23 12:0 a.m., 5 views

A vulnerability in genie_fix2.cgi in the firmware of the NETGEAR EX6120 allows an attacker to execute arbitrary commands.

The vulnerability in genie_fix2.cgi in the firmware of NETGEAR EX6120 routers is caused by a lack of data sanitization at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the wan_dns1_pri parameter...

CVSS: 8.4, AI score: 5.9, EPSS: 0.0101
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2024/10/22 8:26 p.m., 3 views

CLSA-2024-1729628764 php: Fix of CVE-2024-8927

CVE-2024-8927: Fix bypass of cgi.force_redirect configuration...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01077
Exploits: 1, References: 1
OSV
added 2024/10/22 8:21 p.m., 4 views

CLSA-2024-1729628500 php: Fix of CVE-2024-8927

CVE-2024-8927: Fix bypass of cgi.force_redirect configuration...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01077
Exploits: 1, References: 1
OSV
added 2024/10/22 8:10 p.m., 3 views

CLSA-2024-1729627812 Fix CVE(s): CVE-2024-8927

SECURITY UPDATE: insecure configuration vulnerability - debian/patches/CVE-2024-8927.patch: fix bypass of cgi.force_redirect configuration - CVE-2024-8927...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01077
Exploits: 1, References: 1
OSV
added 2024/10/22 7:48 p.m., 9 views

CLSA-2024-1729626489 php: Fix of CVE-2024-8927

CVE-2024-8927: Fix bypass of cgi.force_redirect configuration...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01077
Exploits: 1, References: 1
BDU FSTEC
added 2024/10/22 12:0 a.m., 4 views

A vulnerability in the SetPortForwardingSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the SetPortForwardingSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute...

CVSS: 8, AI score: 5.9, EPSS: 0.02049
Exploits: 0, References: 5
BDU FSTEC
added 2024/10/22 12:0 a.m., 12 views

A vulnerability in the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows an attacker to execute arbitrary commands.

The vulnerability in the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

CVSS: 8, AI score: 5.8, EPSS: 0.0209
Exploits: 0, References: 5
SUSE Linux
added 2024/10/18 3:48 p.m., 2 views

Security update for php7

This update for php7 fixes the following issues:
- CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc1231360)
- CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision...

CVSS: 6.9, AI score: 6.7, EPSS: 0.01077
Exploits: 3, References: 12
OSV
added 2024/10/18 3:48 p.m., 23 views

SUSE-SU-2024:3733-1 Security update for php7

This update for php7 fixes the following issues:
- CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc1231360)
- CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable...

CVSS: 7.5, AI score: 6.2, EPSS: 0.01077
Exploits: 3, References: 7
SUSE Linux
added 2024/10/18 2:47 p.m., 2 views

Security update for php74

This update for php74 fixes the following issues:
- CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc1231360)
- CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision...

CVSS: 6.9, AI score: 7, EPSS: 0.01077
Exploits: 3, References: 12
OSV
added 2024/10/17 8:57 p.m., 5 views

CLSA-2024-1729198655 php: Fix of 2 CVEs

CVE-2024-9026: Fix log tampering in PHP-FPM - CVE-2024-8927: Fix bypass of cgi.force_redirect configuration...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01077
Exploits: 2, References: 1
OSV
added 2024/10/16 2:28 p.m., 32 views

SUSE-SU-2024:3664-1 Security update for php8

This update for php8 fixes the following issues:
- CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc1231360)
- CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable...

CVSS: 7.5, AI score: 6.2, EPSS: 0.01077
Exploits: 3, References: 7
CNNVD
added 2024/10/15 12:0 a.m., 2 views

MitraStar GPT-2541GNAC operating system command injection vulnerability

The MitraStar GPT-2541GNAC is a router from China-based MitraStar. It suffers from an operating system command injection vulnerability in the Firewall Settings Page component of /cgi-bin/settings-firewall.cgi...

CVSS: 5.8, AI score: 5.3, EPSS: 0.22096
Exploits: 0, References: 5
NVD
added 2024/10/14 10:15 p.m., 12 views

CVE-2024-35518

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter...

CVSS: 8.4, EPSS: 0.0101
Exploits: 0, References: 1
OSV
added 2024/10/14 10:15 p.m., 5 views

CVE-2024-35518

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter...

CVSS: 6.8, AI score: 5.8, EPSS: 0.0101
Exploits: 0, References: 1
CNVD
added 2024/10/14 12:0 a.m., 7 views

Unspecified Vulnerability in NETGEAR EX3700 (CNVD-2024-41044)

NETGEAR EX3700 is a wireless network signal extender from NETGEAR. A security vulnerability exists in the NETGEAR EX3700 prior to version 1.0.0.98, caused by an authenticated command injection via the apmode parameter in workingmode.cgi. No details of the vulnerability are available at...

CVSS: 8.4, AI score: 7.2, EPSS: 0.01803
Exploits: 1, References: 1
CVE
added 2024/10/14 12:0 a.m., 60 views

CVE-2024-35518

CVE-2024-35518 affects Netgear EX6120 v1.0.0.68. The vulnerability is a command injection in the genie_fix2.cgi script via the wan_dns1_pri parameter, enabling arbitrary command execution. Public sources (CNVD/CNNVD/NVD) corroborate the flaw in the same version. CVSS details in the NVD/CVE record...

CVSS: 8.4, AI score: 7.3, EPSS: 0.0101
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/10/14 12:0 a.m., 12 views

CVE-2024-35518

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter...

CVSS: 8.4, EPSS: 0.0101
Exploits: 0, References: 1
Vulnrichment
added 2024/10/14 12:0 a.m., 13 views

CVE-2024-35518

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter...

CVSS: 8.4, AI score: 7.3, EPSS: 0.0101
Exploits: 0, References: 1
CNNVD
added 2024/10/14 12:0 a.m., 1 views

DrayTek Vigor 3900 security vulnerability

DrayTek Vigor 3900 is a high-performance router for enterprise networks from China-based DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can exploit this vulnerability to inject malicious commands into mainfunction.cgi and execute arbitrary commands by...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00658
Exploits: 0, References: 2