PT-2026-21641

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

PT-2026-21621

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

PT-2026-21642

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

Zyxel VMG3625-T50B和Zyxel WX3100-T0 代码问题漏洞

Both Zyxel VMG3625-T50B and Zyxel WX3100-T0 are products of the Chinese company Zyxel. Zyxel VMG3625-T50B is a Wi-Fi device. Zyxel WX3100-T0 is a wireless bridge. There are code vulnerabilities in versions of Zyxel VMG3625-T50B 5.50ABPM.9.6C0 and earlier, as well as Zyxel WX3100-T0 5.50ABVL.4.8C0...

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENTLENGTH environment variable and allocates memory using malloc CONTENTLENGTH + 1 without sufficient bounds checking. When lighttpd s request size limit is not enforce...

Zyxel VMG3625-T50B和Zyxel WX3100-T0 代码问题漏洞

Both Zyxel VMG3625-T50B and Zyxel WX3100-T0 are products of the Chinese company Zyxel. Zyxel VMG3625-T50B is a Wi-Fi device. Zyxel WX3100-T0 is a wireless bridge. There are code vulnerabilities in versions of Zyxel VMG3625-T50B 5.50ABPM.9.6C0 and earlier, as well as Zyxel WX3100-T0 5.50ABVL.4.8C0...

PT-2026-21645

Name of the Vulnerable Software and Affected Versions Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 Description A post-authentication command injection exists in the TR-369 certificate download CGI program. An authenticated attacker with administrator privileges could execute...

httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

A permissions bypass flaw has been discovered in the apache HTTP server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

A permissions bypass flaw has been discovered in the apache HTTP server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

CVE-2025-69700

Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modifyaddclientprio function, which is reachable via the formSetClientPrio CGI handler...

CVE-2025-69700

CVE-2025-69700 affects Tenda FH1203 V2.0.1.6. The vulnerability is a stack-based buffer overflow in the function modify_add_client_prio, reachable via the formSetClientPrio CGI handler. CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Network attack, low complexity, no user interaction, high impact...

CVE-2026-2944

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack ma...

CVE-2026-2930

A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. Th...

CVE-2021-35402

PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...

CVE-2026-2686

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/sessionlogin.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

CVE-2026-2615

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument delflag can lead to command injection. The attack may be launched remotely. The exploit has been...

CVE-2026-2535

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made...