Command injection
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument starthour leads to os command injection. The exploit has been disclosed to the public and may be us...
Command injection
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used...
CVE-2022-2488
Summary: CVE-2022-2488 affects WAVLINK WN535K2 and WN535K3 routers. The issue is an OS command injection in the web endpoint /cgi-bin/touchlist_sync.cgi triggered by manipulating the IP parameter. Affected software: WAVLINK WN535K2/WN535K3 (router firmware). Root cause / vulnerability detail (as ...
CVE-2022-2486 WAVLINK WN535K2/WN535K3 os command injection
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used...
CVE-2022-2488
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit
Summary: SpaceLogic C-Bus Home Automation System. Lighting control and automation solutions for buildings of the future, part of SpaceLogic. SpaceLogic C-Bus is a powerful, fully integrated system that can control and automate lighting and many other electrical systems and products. The SpaceLogic...
CVE-2022-34540
Digital Watchdog DW MEGApix IP cameras A7.2.220211029 was discovered to contain a command injection vulnerability in the component /admin/vca/license/licensetok.cgi. This vulnerability is exploitable via a crafted POST request...
CVE-2022-2030
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100W firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 throu...
CVE-2022-2030
CVE-2022-2030 describes an authenticated directory traversal in Zyxel firewall/USG/ZyWALL CGI programs. Affected products/versions include Zyxel USG FLEX 100(W) (4.50–5.30), USG FLEX 200 (4.50–5.30), USG FLEX 500 (4.50–5.30), USG FLEX 700 (4.50–5.30), USG FLEX 50(W) (4.16–5.30), USG20(W)-VPN (4.1...
Digital Watchdog DW MEGApix IP Cross-Site Scripting Vulnerability
Digital Watchdog DW MEGApix IP is a camera from Digital Watchdog. A security vulnerability exists in Digital Watchdog DW MEGApix IP cameras version A7.2.220211029, which stems from a security issue in the component biaoneshot.cgi...
[SECURITY] Fedora 36 Update: php-8.1.8-1.fc36
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Dingtian DT-R002 2CH Security Vulnerability
The Dingtian DT-R002 2CH is a repeater device from Dingtian China. A security vulnerability exists in version 3.1.276A of the Dingtian DT-R002 2CH repeater device firmware, which stems from its relaycgi.cgi component that allows an attacker to replay HTTP POST requests without authentication or a...
U.S. Dept Of Defense: an internal important paths disclosure [HtUS]
Summary: I found a CGI script environment variable disclosure of important paths. Steps To Reproduce: 1. Visit this link: https://███ 2. Look at the PoC pic. You should restrict this quickly. Impact: This is so dangerous because an attacker now knows the internal paths and this juicy information, as you can see i...
WAVLINK WN579 X3 Information Disclosure Vulnerability (CNVD-2022-61036)
The WAVLINK WN579 X3 is a wireless router from the Chinese company WAVLINK. An information disclosure vulnerability exists in WAVLINK WN579 X3 M79X3.V5030.180719 version, which originates from improper authorization management in /cgi-bin/ExportAllSettings.sh. An attacker can exploit this...
[SECURITY] Fedora 36 Update: php-8.1.7-1.fc36
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2017-20049
A vulnerability was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely...
Design/Logic Flaw
A vulnerability was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely...
CVE-2017-20049
Axis legacy network cameras (P3225, M3005) are affected by CVE-2017-20049 due to a flaw in an unspecified part of the CGI Script, causing improper privilege management. The vulnerability can be triggered remotely, enabling an attacker to exploit the issue without user interaction. No explicit roo...
PT-2022-7922 · Axis · Axis Device
Name of the Vulnerable Software and Affected Versions: Axis devices affected versions not specified Description: A vulnerability was found in legacy Axis devices, affecting an unknown part of the component CGI Script. The manipulation leads to improper privilege management, and it is possible to...