CVE-2024-21846

CVE-2024-21846 describes a Missing Authentication for Critical Function in Electrolink FM/DAB/TV Transmitters. An unauthenticated attacker can send a crafted GET request to the command.cgi gateway, reset the board and stop transmitter operations, causing a denial-of-service. Publicly documented a...

PT-2024-19089 · Electrolink · Compact Dab Transmitter +6

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the "command.cgi" gateway,...

Electrolink FM/DAB/TV Transmitter 访问控制错误漏洞

The Electrolink FM/DAB/TV Transmitter is a series of transmitters from Electrolink. The Electrolink FM/DAB/TV Transmitter suffers from an Access Control Error vulnerability that originates from an unauthenticated attacker being able to cause a Denial of Service DOS by sending a specially crafted...

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW, 2...

Cross site scripting

A reflected cross site scripting XSS vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi...

CVE-2018-5757

An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to...

CVE-2018-5757

AudioCodes 450HD IP Phone devices running firmware 3.0.0.535.106 are affected by CVE-2018-5757. The traceroute and ping functions on the Monitoring page’s web UI pass a user-controllable parameter from a request to command.cgi into an OS command, enabling remote code execution via shell metachara...

AudioCode 400HD Remote Command Injection

CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...

net-chess.com XSS vulnerability

Vulnerable URL: http://net-chess.com////command.cgi?command=gamesearch&p1;="...

net-chess.com XSS vulnerability

Vulnerable URL: http://net-chess.com///command.cgi?command=gamesearch&p1;="...

Axis Communications Video Server 2.x - Command.cgi File Creation

Axis Communications Video Server 2.x - Command.cgi File Creation source: https://www.securityfocus.com/bid/6987/info It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that...