PT-2026-35409

A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used...

EUVD-2026-25898

A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...

PT-2026-35571

A vulnerability has been found in Totolink A8000RU 7.1cu.643 b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

PT-2026-35520

A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet enabled leads to os command injection. It is possible to launch the...

PT-2026-35419

A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. The attack may be initiated remotely...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the operation of the setIpv6LanCfg function in the /cgi-bin/cstecgi.cgi file, specifically relat...

📄 thumbler 1.1.2 Command Injection

The thumbler package through version 1.1.2 contains a critical command injection vulnerability in the thumbnail function. User-supplied input parameters input, output, time, size are concatenated into a single ffmpeg command string and executed via childprocess.exec without proper sanitization. A...

AutoForge 命令注入漏洞

AutoForge is an intelligent coding proxy tool open source by AutoForgeAI. Version 79d02a of AutoForge has a command injection vulnerability, which stems from the /devserver/start endpoint’s command injection. This vulnerability could allow attackers to execute arbitrary code...

D-Link DIR-822 注入漏洞

The D-Link DIR-822 is a wireless router produced by D-Link Corporation. The D-Link DIR-822 A101 version has a vulnerability related to command injection. This vulnerability stems from the handling of the parameter “Hostname” in the system function of the udhcpd DHCP service, located in the...

Tenda AC18 安全漏洞

The Tenda AC18 is a router produced by the Chinese company Tenda. The Tenda AC18 V15.03.05.05multi version has a security vulnerability. This vulnerability stems from the improper handling of the guestuser parameter in the /goform/SetSambaCfg interface, which may lead to command injection...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setDmzCfg in the CGI Handler component’s file/cgi-bin/cstecgi.cgi, which processes...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK Corporation in China. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setWizardCfg function in the CGI Handler component/cgi-bin/cstecgi.cgi file, which...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setStorageCfg in the CGI Handler component’s file/cgi-bin/cstecgi.cgi, which...

PT-2026-35525

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643 b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK Corporation. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setUPnPCfg function in the CGI Handler component/cgi-bin/cstecgi.cgi file, which processes the...

📄 node-tesseract-ocr 2.2.1 Command Injection

In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ================================================================================================================================== | Title...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from the function CsteSystem in the cgi-bin/cstecgi.cgi file, which handles CGI commands. The operatio...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from improper handling of the parameter “telnetenabled” in the function setTelnetCfg within the CGI Handle...

Tenda F456 注入漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a vulnerability caused by the FromWriteFacMac function in the httpd component or the goform/WriteFacMac file. This vulnerability arises from the handling of the parameter “mac” in...

PT-2026-35451

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643 b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack...