TOTOLINK EX1800T NTPSyncWithHost Interface Command Execution Vulnerability

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T version v9.1.0cu.2112B20220316. The vulnerability stems from the hosttime parameter of the NTPSyncWithHost interface of cstecgi .cgi failing to...

Command Execution Vulnerability in Green Alliance WAF of Beijing Shenzhou Green Alliance Technology Co., Ltd (CNVD-2024-07088)

Beijing Shenzhou Green Alliance Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application services. Ltd. Green Alliance WAF has a command execution vulnerability that can be exploited by attackers to execute arbitrary commands...

TOTOLINK EX1200L setOpModeCfg Interface Command Execution Vulnerability

TOTOLINK EX1200L is a dual-band wireless signal booster, mainly used to extend Wi-Fi coverage in home or office environments, solving the problem of weak signals or dead spots. The TOTOLINK EX1200L suffers from a command execution vulnerability that stems from the setOpModeCfg interface of...

TOTOLINK EX1200L NTPSyncWithHost Interface Command Execution Vulnerability

TOTOLINK EX1200L is a dual-band wireless signal booster, mainly used to extend Wi-Fi coverage in home or office environments, solving the problem of weak signals or dead spots. The TOTOLINK EX1200L suffers from a command execution vulnerability that stems from the NTPSyncWithHost interface of...

TOTOLINK EX1800T cstecgi.cgi lanSecDns Parameter Arbitrary Command Execution Vulnerability

TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK, which supports Wi-Fi 6 technology and enhances signal coverage by connecting wirelessly to a router, making it suitable for home and small office environments. The TOTOLINK EX1800T suffers from a command execution vulnerability tha...

CVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution RCE vulnerability via the component /cgi-bin/cstecgi.cgi...

TOTOLINK EX1800T 安全漏洞

TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK, which supports Wi-Fi 6 technology and enhances signal coverage by connecting wirelessly to a router, making it suitable for home and small office environments. A command execution vulnerability exists in the TOTOLINK EX1800T, which...

IBM Informix JDBC Remote Code Execution Vulnerability

IBM Informix JDBC Driver is a driver from International Business Machines IBM. A remote code execution vulnerability exists in IBM Informix JDBC that stems from a failure to properly filter special elements of a constructed code segment when passing unchecked parameters to an API, which could be...

Tenda i29 sysScheduleRebootSet Method Command Execution Vulnerability

The Tenda i29 is a wireless router from the Chinese company Tenda. The Tenda i29 suffers from a command execution vulnerability that stems from the sysScheduleRebootSet method failing to properly filter construct command special characters, commands, etc. The vulnerability can be exploited to cau...

TOTOLINK EX1800T 安全漏洞

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T setWiFiApConfig interface, which originates from the failure of the opmode parameter of the cstecgi .cgi's setWiFiApConfig interface to correctly...

NETGEAR WNR2000 Command Execution Vulnerability

The NETGEAR WNR2000 is a wireless router from NETGEAR. A command execution vulnerability exists in NETGEAR WNR2000 v4 version 1.0.0.70, which stems from an application failing to properly filter constructed command special characters, commands, and more. An attacker could exploit this vulnerabili...

Dell PowerProtect Data Domain Command Execution Vulnerability

Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A command execution vulnerability exists in Dell PowerProtect Data Domain that stems from a failure to properly filter construct command...

Tenda AX12 list parameter command execution vulnerability

Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda China. A command execution vulnerability exists in Tenda AX12 version V22.03.01.46, which is caused due to the failure of the "list" parameter of /goform/SetNetControlList to correctly filter constructed command special character...

Command Execution Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03028)

Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by an attacker t...

Buildroot Security Vulnerabilities

Buildroot is Buildroot open source set of Makefile and Patch files. It is used to simplify and automate the process of building a complete and bootable Linux environment for embedded systems. A security vulnerability exists in Buildroot version 2023.08.1 and dev commit 622698d7847, which stems fr...

TOTOLINK X6000R pass parameter command execution vulnerability

TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. TOTOLINK X6000R suffers from a command execution vulnerability that stems from the pass parameter of the sub4119A0 function failing to...

TOTOLINK X6000R url Parameter Command Execution Vulnerability

TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. TOTOLINK X6000R suffers from a command execution vulnerability that stems from the url parameter of the sub4119A0 function failing to...

CVE-2023-48800

In TOTOLINK X6000RFirmware V9.4.0cu.852B20230719, the shttpd file sub417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability...

CVE-2023-48801

In TOTOLINK X6000RFirmware V9.4.0cu.852B20230719, the shttpd file sub415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability...

CVE-2023-48812

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...