17 matches found

Talos
added 2026/05/07 12:0 a.m. · 8 views

Tp-Link Archer AX53 v1.0 configuration restore crt.sed vulnerability

Talos Vulnerability Report TALOS-2025-2304 Tp-Link Archer AX53 v1.0 configuration restore crt.sed vulnerability May 7, 2026 CVE Number CVE-2026-30816 SUMMARY An external config control vulnerability exists in the Openvpn configuration restore crt.sed functionality of Tp-Link Archer AX53 v1.0 1.3....

6.8 CVSS · 6.1 AI score · 0.0003 EPSS
Exploits: 0

NVD
added 2026/01/28 12:15 p.m. · 5 views

CVE-2025-59895

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious reques...

8.2 CVSS · 0.00033 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-29169

Malicious code in bioql PyPI...

8.8 CVSS · 8.7 AI score · 0.03913 EPSS
Exploits: 1 · References: 2

GithubExploit
added 2025/09/14 12:8 p.m. · 178 views

upload-server-for-novi-software-security

project: "TP-Link TL-WR841N Firmware Security Assessment" descr...

6.8 AI score
Exploits: 0

RedhatCVE
added 2025/05/22 10:30 p.m. · 6 views

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

8.8 CVSS · 7.9 AI score · 0.03913 EPSS
Exploits: 1 · References: 1

CNNVD
added 2023/09/20 12:0 a.m. · 2 views

D-LINK DWL-6610 Command Injection Vulnerability

The D-Link DWL-6610 is a wireless access point from D-Link. A security vulnerability exists in the D-LINK DWL-6610 due to a command injection vulnerability in the configuploadhandler function. An attacker can use this vulnerability to execute arbitrary commands via the configRestore parameter...

9.8 CVSS · 8.2 AI score · 0.01946 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/07/10 12:0 a.m. · 3 views

PT-2023-5381 · D Link · D-Link Dwl-6610Ap

Name of the Vulnerable Software and Affected Versions: D-LINK DWL-6610 version 4.3.0.8B003C Description: The issue is related to a command injection vulnerability in the config upload handler function. This vulnerability allows attackers to execute arbitrary commands via the configRestore...

9.8 CVSS · 8.4 AI score · 0.01946 EPSS
Exploits: 1 · References: 7

NVD
added 2022/02/04 5:15 p.m. · 8 views

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

8.8 CVSS · 0.03913 EPSS
Exploits: 1 · References: 2

ATTACKERKB
added 2022/02/04 5:15 p.m. · 4 views

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

8.8 CVSS · 7.7 AI score · 0.03913 EPSS
Exploits: 1 · References: 3

Prion
added 2022/02/04 5:15 p.m. · 11 views

Command injection

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

6.5 CVSS · 8.8 AI score · 0.03913 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2022/02/04 4:10 p.m. · 54 views

CVE-2022-24262

VoIPmonitor GUI vulnerability CVE-2022-24262 affects the GUI prior to v24.96 where the config restore function does not validate restore archive files, enabling remote command execution via a crafted file in the web root. The issue stems from insufficient checks on archive formats during restore....

8.8 CVSS · 9.2 AI score · 0.03913 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2020/03/05 3:15 p.m. · 13 views

Command injection

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configrestore configRestore or configServerip parameter...

7.2 CVSS · 7.8 AI score · 0.88846 EPSS
Exploits: 7 · References: 3 · Affected Software: 1

0day.today
added 2019/05/15 12:0 a.m. · 329 views

DLink DWL-2600AP - Multiple OS Command Injection Vulnerability

Exploit for hardware platform in category web applications Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You...

7.4 AI score
Exploits: 0

OSV
added 2017/12/20 10:29 p.m. · 2 views

CVE-2017-5258

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using...

5.4 CVSS · 5.8 AI score · 0.00181 EPSS
Exploits: 1 · References: 1

Prion
added 2017/11/07 4:29 p.m. · 10 views

Command injection

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability...

9 CVSS · 8.9 AI score · 0.06479 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2017/11/07 4:0 p.m. · 24 views

CVE-2017-2916

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability...

9.9 CVSS · 8.7 AI score · 0.00479 EPSS
Exploits: 2 · References: 1

CNVD
added 2017/11/02 12:0 a.m. · 2 views

Circle with Disney Backlink Vulnerability

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A backlink vulnerability exists in the /api/CONFIG/restore function in Circle with Disney version 2.0.1. An attacker can exploit this...

9.9 CVSS · 9.1 AI score · 0.00479 EPSS
Exploits: 2 · References: 1