VulnCheck KEV: CVE-2023-51833

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

VulnCheck KEV: CVE-2010-2506

Cross-site scripting XSS vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter...

CVE-2023-51833

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

CVE-2023-51833

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

Command injection

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

CVE-2023-51833

Affected product: TRENDnet TEW-411BRPplus router (firmware v2.07_eu). Description across sources: a command-injection vulnerability exists in the debug.cgi page, exploitable via the data1 parameter. Root cause is unsanitized/unsafe input handling in the debug.cgi endpoint, enabling local users to...

TRENDnet TEW-411BRPplus Command Injection Vulnerability

The TRENDnet TEW-411BRPplus is a wireless router from Trendnet, Inc. A command injection vulnerability exists in the TRENDnet TEW-411BRPplus version v.2.07eu, which originates from a vulnerability that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

CVE-2023-51833

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

PT-2024-14307

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-411BRPplus version 2.07 eu Description A command injection issue exists in TRENDnet TEW-411BRPplus version 2.07 eu that allows a local attacker to execute arbitrary code. This is achieved by manipulating the data1 parameter within...

Cross site scripting

Cross-site scripting XSS vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter...

Code injection

Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 data2 and 2 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

PT-2010-3244 · Linksys · Linksys Wap54Gv3

Name of the Vulnerable Software and Affected Versions: Linksys WAP54Gv3 firmware versions 3.04.03 and earlier Description: The issue allows remote attackers to execute arbitrary commands due to the use of hard-coded credentials for a debug interface on certain web pages. Specifically, the...