29 matches found
TOTOLINK A7000R Command Injection Vulnerability
The TOTOLINK A7000R is a wireless router produced by TOTOLINK Corporation. The Totolink A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter url in the CloudACMunualUpdateUserdata function located in the...
USN-7937-1: Linux kernel (Azure FIPS) vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
CVE-2025-60682
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the cloudupdatecheck binary, specifically in the sub402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...
CVE-2025-60682
The connected CNVD/Red Hat/EUVD/NVD entries confirm CVE-2025-60682 affecting TOTOLINK A720R router firmware V4.1.5cu.614_B20230630, in the cloudupdate_check binary (sub_402414) where cloud update parameters are processed. User-controlled magicid and url are concatenated into shell commands and ex...
PT-2025-46843
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614 B20230630 within the cloudupdate check binary, specifically in the sub 402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...
EUVD-2025-28077
Malicious code in bioql PyPI...
CVE-2025-4692
Actors can use a maliciously crafted JavaScript Object Notation (JSON) Web Token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by t...
CVE-2025-4692
CVE-2025-4692 : Affects ABUP Cloud Update Platform (IoT cloud platform). A maliciously crafted JSON Web Token (JWT) can be submitted to a vulnerable cloud method to perform privilege escalation, allowing access to any device managed by the platform. Root cause: JWT-based privilege escalation via ...
PT-2025-22569 · Unknown · Abup Cloud Update Platform
Name of the Vulnerable Software and Affected Versions: ABUP Cloud Update Platform, affected versions not specified. Description: The issue allows actors to perform privilege escalation by submitting a maliciously crafted JavaScript Object Notation (JSON) Web Token (JWT) to a vulnerable method exposed o...
ABUP Cloud Update Platform security vulnerability
ABUP Cloud Update Platform is an IoT cloud platform from China's Airabi ABUP. A security vulnerability exists in ABUP Cloud Update Platform that stems from a malicious JSON web token that could lead to elevation of privilege...
PT-2025-21824 · Totolink · Totolink N300Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RH version 6.1c.1390 B20191101 Description: A critical issue affects the function CloudACMunualUpdateUserdata of the file "/cgi-bin/cstecgi.cgi". The manipulation of the url argument leads to command injection. This issue can be...
PT-2024-17517 · Orbisius · Orbisius-Child-Theme-Creator
Name of the Vulnerable Software and Affected Versions: Child Theme Creator by Orbisius plugin for WordPress versions up to, and including, 1.5.5 Description: The issue is related to unauthorized modification of data due to a missing capability check on the cloud delete and cloud update functions...
WordPress plugin Child Theme Creator by Orbisius security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
L2Blocker Sensor setup screen vulnerable to authentication bypass
Overview L2Blocker provided by SOFTCREATE CORP. contains a vulnerability CWE-288 in which the login authentication is bypassed by using alternative paths or channels for Sensor. Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
CVE-2022-29639
TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...
PT-2022-19306 · Totolink · Totolink N600R
Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version 5.3c.7159 B20190425 Description: A command injection issue was found via the filename parameter in the "/setting/CloudACMunualUpdate" API endpoint. Recommendations: For TOTOLink N600R version 5.3c.7159 B20190425, avoid...