Improper Neutralization

Apache HTTP Server is vulnerable to Improper Neutralization. The vulnerability is due to environment variables set via Apache configuration improperly overriding server-calculated CGI variables, which allows an attacker to influence CGI execution by injecting or manipulating control sequences...

Authentication Bypass

Apache HTTP Server is vulnerable to Authentication Bypass. The vulnerability is due to improper handling of the RequestHeader directive via AllowOverride FileInfo in .htaccess, which allows an attacker to cause CGI scripts to execute under an unexpected user ID...

CVE-2025-70545

A stored cross-site scripting XSS vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...

CVE-2026-24936

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

CVE-2025-70545

CVE-2025-70545 describes a stored XSS in the web management CGI of the Belden PPC ONT 2K05X router (firmware v1.1.9_206L). The vulnerability arises from improper handling of user input, enabling a remote, unauthenticated attacker to inject JavaScript that is persistently stored and executed when ...

CVE-2020-37093

Netis E1+ 1.2.32533 is affected by an information-disclosure vulnerability exposed via the netcore_get.cgi endpoint. An unauthenticated attacker can issue a GET request to netcore_get.cgi and retrieve sensitive wireless credentials, including SSID and WiFi passwords, in plain text. The issue is s...

CVE-2026-24936

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

CVE-2026-24936

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

CVE-2026-24936

CVE-2026-24936 affects ASUSTOR ADM: an improper input parameter validation flaw in a CGI program when a specific function is enabled during AD Domain join allows an unauthenticated remote attacker to write arbitrary data to any file, potentially leading to complete system compromise. Affected: AD...

PT-2026-5771

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1 ASUSTOR ADM versions 5.0.0 through 5.1.1.RCI1 Description An improper input parameters validation issue exists in a specific CGI program when a particular function is enabled during Active Director...

CVE-2026-1742

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commitvpnclifileupload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit i...

CVE-2026-1742

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commitvpnclifileupload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit i...

CVE-2026-1740

A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpconchecksessionurl of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has...

CVE-2026-1623

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVE-2026-1623 Totolink A7000R cstecgi.cgi setUpgradeFW command injection

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

EUVD-2026-4972

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-1548

A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2026-1548

Totolink A7000R 4.1cu.4154 is affected by CVE-2026-1548 through the CloudACMunualUpdateUserdata function in /cgi-bin/cstecgi.cgi. Manipulating the url argument enables remote command injection, with exploits published and potential for active use. Remediation guidance appears to be updating to a ...

CVE-2026-1548 Totolink A7000R cstecgi.cgi CloudACMunualUpdateUserdata command injection

A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used...

TOTOLINK A7000R Command Injection Vulnerability

TOTOLINK A7000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “pluginname” in the setUnloadUserData function located in the...