PT-2026-43043

A vulnerability has been found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...

PT-2026-43015

A flaw has been found in Totolink A8000RU 7.1cu.643 b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be...

NEC Aterm 安全漏洞

NEC Aterm is a series of wireless routers from Nippon Electric NEC. A security vulnerability exists in NEC Aterm that stems from an OS command injection issue, which could allow execution of arbitrary OS commands over an adjacent network if a malicious third party gains administrator access to th...

PT-2026-43090

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is...

Linux Distros Unpatched Vulnerability : CVE-2026-39828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially droppin...

miniclawd 命令注入漏洞

miniclawd is a lightweight personal AI assistant with multi-LLM and multi-channel support by Ziwen Personal Developer. A command injection vulnerability exists in miniclawd, which stems from the parameter requires.bins operation of file /src/application/skills-loader.ts in the component...

Edimax BR-6478AC 命令注入漏洞

Edimax BR-6478AC is a dual-band Gigabit router from China Xunzhou Edimax. Edimax BR-6478AC version 1.23 suffers from a command injection vulnerability, which originates from the operation of the function formiNICbasic in the file /goform/formiNICbasic in the POST Request Handler component, on the...

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the parameter of the function UploadOpenVpnCert in the file /cgi-bin/cstecgi.cgi in the component We...

PT-2026-42979

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be...

PT-2026-43098

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. The attack is...

PT-2026-43012

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be...

PT-2026-43019

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

PT-2026-43004

Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...

PT-2026-43016

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may ...

PT-2026-43151

Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description A security flaw in the Setting Handler component allows for remote OS command injection. This occurs through the manipulation of the admuser and admpass arguments within the setPasswordCfg functi...

PT-2026-43158

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin version results in os command injection. The attack may be launched...

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the function setL2tpServerCfg on the parameter enable in the Web Management...

ROS-20260525-73-0003

Vulnerability in awscli2 related to the use of an invalid referenced name. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the function setParentalRules in the Web Management Interface component file /cgi-bin/cstecgi.c...

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the operation of the function setIpQosRules on the parameter Comment in the Web Management Interface...