Lucene search

156 matches found

Prion
added 2022/08/25 2:15 p.m. · 13 views

Stack overflow

TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg...

CVSS 4.3 · AI score 7.9 · EPSS 0.00071
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2022/08/25 2:15 p.m. · 9 views

Stack overflow

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg...

CVSS 4.3 · AI score 7.9 · EPSS 0.00071
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/08/25 2:3 p.m. · 13 views

CVE-2022-37080

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg...

AI score 8.1 · EPSS 0.00071
Exploits: 1 · References: 1

ATTACKERKB
added 2022/07/01 6:15 p.m. · 2 views

CVE-2022-32048

TOTOLINK T6 V4.1.9cu.5179B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN0041cc88...

CVSS 7.5 · AI score 5.8 · EPSS 0.00416
Exploits: 1 · References: 2

OSV
added 2022/07/01 6:15 p.m. · 2 views

CVE-2022-32048

TOTOLINK T6 V4.1.9cu.5179B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN0041cc88...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

Prion
added 2022/07/01 6:15 p.m. · 13 views

Stack overflow

TOTOLINK T6 V4.1.9cu.5179B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN0041cc88...

CVSS 5 · AI score 7.8 · EPSS 0.00416
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2022/07/01 5:27 p.m. · 70 views

CVE-2022-32048

TOTOLINK T6 vulnerable version: V4.1.9cu.5179_B20201015. A stack overflow exists in the function FUN_0041cc88 triggered via the command parameter. Descriptions across CNVD, Red Hat, and related records confirm the issue stems from insufficient input length validation, potentially enabling a denia...

CVSS 7.5 · AI score 7.8 · EPSS 0.00416
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/07/01 12:0 a.m. · 2 views

PT-2022-21072 · Totolink · Totolink T6

Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.9cu.5179 B20201015 Description: A stack overflow issue was discovered via the command parameter in the FUN 0041cc88 function. This issue allows for potential exploitation. Recommendations: For TOTOLINK T6 version...

CVSS 7.5 · AI score 7.4 · EPSS 0.00416
Exploits: 1 · References: 4

CNNVD
added 2022/06/29 12:0 a.m. · 1 views

IVPN Client Security Vulnerability

IVPN Client is a VPN software client from IVPN Inc. It is used to encrypt Internet activity from hackers, ISPs, and others who have no business logging content that they have not chosen to share. A security vulnerability exists in IVPN Client version 2.6.6120.33863, which stems from the...

CVSS 7.8 · AI score 7.4 · EPSS 0.00046
Exploits: 1 · References: 4

OSV
added 2022/06/17 8:15 p.m. · 1 views

CVE-2022-31874

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1

ATTACKERKB
added 2022/06/08 2:15 p.m. · 2 views

CVE-2022-30909

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...

CVSS 10 · AI score 7.4 · EPSS 0.00409
Exploits: 1 · References: 2

NVD
added 2022/04/25 4:16 p.m. · 9 views

CVE-2022-1152

The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting...

CVSS 5.4 · EPSS 0.00208
Exploits: 2 · References: 1

VulnCheck KEV
added 2021/11/11 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

CVSS 9 · AI score 7.5 · EPSS 0.89527
Exploits: 3 · References: 1

Snyk
added 2021/08/23 10:28 a.m. · 1 views

Arbitrary Code Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system. Steps to Reproduce: 1...

CVSS 9.3 · AI score 7.4 · EPSS 0.00845
Exploits: 1 · References: 2

OSV
added 2021/08/06 2:15 p.m. · 0 views

CVE-2021-36706

In ProLink PRC2402M V1.0.18 and older, the setsyscmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1

OpenVAS
added 2021/03/10 12:0 a.m. · 5 views

SYS.1.3.A14

The output of information about the operating system and access to log and configuration files SHOULD be restricted for users to the necessary extent. In addition, confidential information SHOULD NOT be passed as parameters in command invocations. Copyright C 202...

AI score 7.3
Exploits: 0 · References: 1

CNNVD
added 2021/02/07 12:0 a.m. · 4 views

NCR Command Center Agent Operating System Command Injection Vulnerability

NCR Aloha Essentials is the mobile POS enabled hardware from NCR USA. It provides an end-to-end restaurant management platform. A security vulnerability exists in the CMCAgent in NCR Command Center Agent 16.3, which originates from allowing submission of the runCommand parameter in an XML document...

CVSS 10 · AI score 7.5 · EPSS 0.9036
Exploits: 3 · References: 4

CNVD
added 2020/07/12 12:0 a.m. · 4 views

D-Link DIR-610 Remote Code Execution Vulnerability

The D-Link DIR-610 is a wireless router from AUO D-Link of Taiwan, China. A remote code execution vulnerability exists in the D-Link DIR-610, which arises from a failure of a network system or product to properly filter specific elements of externally entered data during the construction of a cod...

CVSS 8.8 · AI score 8.4 · EPSS 0.76636
Exploits: 1 · References: 1

Positive Technologies
added 2020/07/09 12:0 a.m. · 1 views

PT-2020-6844

Name of the Vulnerable Software and Affected Versions: D-Link DIR-610 devices (affected versions not specified). Description: The issue allows for Remote Command Execution via the cmd parameter to "command.php". This is due to the lack of measures to neutralize special elements used in the operating...

CVSS 9 · AI score 8.9 · EPSS 0.76636
Exploits: 1 · References: 13

CNVD
added 2020/04/07 12:0 a.m. · 3 views

adb-driver injection vulnerability

adb-driver is a universal Android USB driver. An injection vulnerability exists in adb-driver. The vulnerability can be exploited to execute arbitrary commands with the help of the 'command' parameter...

CVSS 9.8 · AI score 8 · EPSS 0.00906
Exploits: 1 · References: 1