9784 matches found

EUVD
added 2025/11/26 6:2 a.m. | 8 views

EUVD-2025-199708

Out-of-bounds Read vulnerability in ASR1903, ASR3901 in ASR LapwingLinux on Linux nrfw modules. This vulnerability is associated with program files Code/nrfw/DLP/src/NrCgi.C. This issue affects LapwingLinux: before 2025/11/26...

CVSS: 7.4 | AI score: 6.4 | EPSS: 0.00167
Exploits: 0 | References: 2

VulnCheck KEV
added 2025/11/26 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2024-10915

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. T...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.79135
In wild | Exploits: 2 | References: 4

NVD
added 2025/11/23 6:15 p.m. | 6 views

CVE-2025-13562

A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerabili...

CVSS: 9.8 | EPSS: 0.05612
Exploits: 1 | References: 5

RedhatCVE
added 2025/11/20 12:21 a.m. | 11 views

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00683
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/20 12:21 a.m. | 7 views

CVE-2025-63213

The QVidium Opera11 device firmware version 2.9.0-Ax4x-opera11 is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/netping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inje...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.00772
Exploits: 1 | References: 1

Tenable Nessus
added 2025/11/20 12:0 a.m. | 7 views

TencentOS Server 3: ruby:2.5 (TSSA-2023:0312)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0312 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.0387
Exploits: 1 | References: 5

Tenable Nessus
added 2025/11/20 12:0 a.m. | 9 views

TencentOS Server 3: ruby:3.1 (TSSA-2024:0106)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0106 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.02637
Exploits: 1 | References: 5

OSV
added 2025/11/19 4:15 p.m. | 5 views

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00683
Exploits: 1 | References: 2

Cvelist
added 2025/11/19 12:0 a.m. | 5 views

CVE-2025-63218

The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

EPSS: 0.00577
Exploits: 1 | References: 2

Packet Storm
added 2025/11/19 12:0 a.m. | 203 views

Fortinet FortiWeb 8.0.0 Authentication Bypass

Analysis write up of the Fortinet FortiWeb version 8.0.0 authentication bypass vulnerability that can be leveraged for remote code execution. Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 Author: nu11secur1ty Date: 11/17/2025 Vendor: https://www.fortinet.com/ Software: v8.0.0...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.89526
Exploits: 17

Cvelist
added 2025/11/19 12:0 a.m. | 9 views

CVE-2025-63932

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

EPSS: 0.06404
Exploits: 1 | References: 3

Vulnrichment
added 2025/11/19 12:0 a.m. | 4 views

CVE-2025-63213

The QVidium Opera11 device firmware version 2.9.0-Ax4x-opera11 is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/netping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inje...

AI score: 7.5 | EPSS: 0.00772
Exploits: 1 | References: 3

CNNVD
added 2025/11/19 12:0 a.m. | 2 views

Axel WOLF1MS and Axel WOLF2MS Security Vulnerability

Axel WOLF1MS and Axel WOLF2MS are both FM network monitoring devices from Axel Italy. A security vulnerability exists in Axel WOLF1MS and Axel WOLF2MS versions 0.8.5 through 1.0.3, which stems from a lack of authentication in the /cgi-bin/gstFcgi.fcgi endpoint, and could lead to a complete crack ...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00577
Exploits: 1 | References: 3

Cvelist
added 2025/11/19 12:0 a.m. | 8 views

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

EPSS: 0.00683
Exploits: 1 | References: 2

Positive Technologies
added 2025/11/19 12:0 a.m. | 8 views

PT-2025-47469

The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...

AI score: 7.1 | EPSS: 0.00476
Exploits: 1 | References: 3

CVE
added 2025/11/19 12:0 a.m. | 23 views

CVE-2025-63223

The CVE-2025-63223 entry affects Axel Technology StreamerMAX MK II firmware versions 0.8.5–1.0.3. The root cause is Broken Access Control caused by missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint, allowing unauthenticated remote attackers to list user accounts, create new administrat...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00683
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/11/19 12:0 a.m. | 11 views

CVE-2025-63218

The CVE-2025-63218 vulnerability affects Axel Technology WOLF1MS and WOLF2MS devices (firmware 0.8.5–1.0.3). It is caused by Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint, enabling unauthenticated remote attackers to list user accounts, create administr...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00577
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/11/15 6:30 a.m. | 2 views

EUVD-2025-197687

A vulnerability has been found in D-Link DIR-816L 206b09beta. This affects the function genacgimain of the file gena.cgi. The manipulation of the argument SERVERID/HTTPSID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to th...

CVSS: 9 | AI score: 8.7 | EPSS: 0.00805
Exploits: 1 | References: 7

Positive Technologies
added 2025/11/15 12:0 a.m. | 5 views

PT-2025-47046

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L version 2 06 b09 beta. Description: A stack-based buffer overflow exists in the soapcgi main function of the /soap.cgi file. This issue allows for remote exploitation. The exploit has been publicly disclosed. The affected product...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.00805
Exploits: 1 | References: 14

Vulnrichment
added 2025/11/14 10:32 p.m. | 3 views

CVE-2025-13188 D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow

A vulnerability was detected in D-Link DIR-816L 206b09beta. Affected by this vulnerability is the function authenticationcgimain of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible...

CVSS: 10 | AI score: 9.5 | EPSS: 0.02195
Exploits: 1 | References: 5