CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

CVE-2026-45255 Remote code execution via installer Wi-Fi access point scans

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

EUVD-2026-31263

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

CVE-2026-45255 Remote code execution via installer Wi-Fi access point scans

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

FreeBSD-SA-26:23.bsdinstall

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:23.bsdinstall Security Advisory The FreeBSD Project Topic: Remote code execution via installer Wi-Fi access point scans Category: core Module: bsdinstall...

CVE-2023-45208

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

Anyka Microelectronics AK3918EV300 MCU 命令注入漏洞

Anyka Microelectronics AK3918EV300 MCU is a single chip from Anyka Microelectronics China. A security vulnerability exists in the Anyka Microelectronics AK3918EV300 MCU v18. The vulnerability can be exploited by an attacker to execute arbitrary commands via a specially crafted wifi SSID or passwo...

PT-2021-7934 · Luci +1 · Luci +1

Name of the Vulnerable Software and Affected Versions: OpenWrt versions 18.06.0 through 18.06.4 Description: The issue is related to a stored XSS vulnerability in LuCI, a component of OpenWrt. This vulnerability can be exploited via a crafted SSID, potentially allowing a remote attacker to perfor...

CVE-2017-18483

ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID...

CVE-2018-17337

Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast...

Tenda D152 ADSL Cross-Site Scripting Vulnerability

Tenda D152 ADSL is a wireless router product from Tenda China. A security vulnerability exists in the Tenda D152 ADSL. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via a specially crafted SSID...

CVE-2018-8772

Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen...

PT-2017-13302 · Intelbras · Intelbras Wireless N 150Mbps Router

Name of the Vulnerable Software and Affected Versions: Intelbras Wireless N 150Mbps router with firmware WRN 240 Description: The issue allows attackers to steal wireless credentials without being connected to the network. This is related to userRpm/popupSiteSurveyRpm.htm and...

Newphoria applican framework cross-site scripting vulnerability (CNVD-2015-07764)

Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. A cross-site scripting vulnerability exists in the runtime engine of Newphoria applican framework 1.12.6 and earlier versions for Android and...