276 matches found
CVE-2025-40591
CVE-2025-40591 affects Siemens RUGGEDCOM ROX II family devices (MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) with
CVE-2025-5763
The CVE-2025-5763 entry concerns Tenda CP3 (11.10.00.2311090948) where the function sub_F3C8C in the apollo file allows arbitrary command execution due to improper filtering. Exploitation is remote and the vulnerability is confirmed in multiple sources. Affected component: apollo -> sub_F3C8C;...
PT-2025-24101 · Tenda · Tenda Cp3
Name of the Vulnerable Software and Affected Versions: Tenda CP3 version 11.10.00.2311090948 Description: A critical issue has been found, affecting the function sub F3C8C of the file apollo, leading to command injection. The attack can be launched remotely. Recommendations: For Tenda CP3 version...
CVE-2025-5695
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribetospot/subscribetodelta/subscribetoalarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch...
CVE-2025-5504
A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely. The exploit has bee...
CVE-2025-5492
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...
CVE-2025-5445
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RPcheckFWByBBS of the file /goform/RPcheckFWByBBS. The manipulation of the argument...
CVE-2025-5443
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the...
CVE-2025-5573 D-Link DCS-932L setSystemWizard setSystemControl os command injection
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. T...
CVE-2025-5573 D-Link DCS-932L setSystemWizard setSystemControl os command injection
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. T...
CVE-2025-5525 Jrohy trojan linux.go LogChan os command injection
A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2025-5492
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...
CVE-2025-5492 D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...
CVE-2025-5492 D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...
CVE-2025-5447 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 ssid1MACFilter os command injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the...
CVE-2025-5445
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RPcheckFWByBBS of the file /goform/RPcheckFWByBBS. The manipulation of the argument...
CVE-2025-5443 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 wirelessAdvancedHidden os command injection
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the...
CVE-2025-5443
CVE-2025-5443 affects Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 (versions 1.0.013.001–1.2.07.001). The vulnerable component is the wirelessAdvancedHidden function in /goform/wirelessAdvancedHidden. Malicious manipulation of ExtChSelector/24GSelector/5GSelector leads to OS command injectio...
CVE-2025-5441
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL...
PT-2025-23503 · Linksys · Linksys Re6300 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 versions 1.0.013.001 through 1.2.07.001 Description: A critical issue has been found, affecting the function RP pingGatewayByBBS of the file /goform/RP pingGatewayByBBS. The...