TRENDnet TEW-821DAP 数据伪造问题漏洞

TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. The version TRENDnet TEW-821DAP 1.12B01 has a vulnerability related to data falsification. This vulnerability stems from improper handling of the parameter dest in the findHWid/newGuiUpdateFirmware function within the...

Open Redirect

Overview @saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Open Redirect via the isrelativeurl function. An attacker can redirect users to an external, attacker-controlled domain by crafting a malicious URL that exploit...

TRENDnet TEW-713RE Command Injection Vulnerability

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...

CVE-2026-5183

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...

CVE-2026-5183

CVE-2026-5183 affects TRENDNet TEW-713RE (up to firmware 1.02). The vulnerable element is the function sub_421494 in the file /goform/addRouting; manipulating the argument dest can cause a remote command injection. Public exploit information exists; vendor has not responded to disclosure. Connect...

PT-2026-29200

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub 421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...

TRENDnet TEW-713RE 命令注入漏洞

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...

EUVD-2007-2041

Malware in sbrugna...

EUVD-2008-0926

Malware in sbrugna...

TOTOLINK T6 dest parameter buffer overflow vulnerability

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which originates from the parameter dest of the recvSlaveStaInfo function of the MQTT service failing to correctly validate the...

The vulnerability of the recvSlaveStaInfo() function in the MQTT service of the TOTOLink T6 microprogramming system allows a attacker to execute arbitrary code.

The vulnerability of the recvSlaveStaInfo function in the MQTT service of the TOTOLink T6 mesh-system’s microprogramming system is related to the issue of the operation going beyond the buffer in memory when processing the dest parameter. Exploiting this vulnerability allows a remote attacker to...

The vulnerability of the fromTraceroutGet() function (/goform/getTraceroute) in the Tenda O3 wireless access point software allows a intruder to execute arbitrary commands.

The vulnerability of the fromTraceroutGet function /goform/getTraceroute in the Tenda O3 wireless access point software exists because measures are not taken to neutralize special elements when processing the dest parameter. Exploiting this vulnerability allows a remote attacker to execute...

Tenda O3V2 /goform/getTraceroute file command injection vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a command injection vulnerability that stems from the parameter dest in the file /goform/getTraceroute failing to correctly filter constructed command special characters, commands, and so on. No details of the...

CVE-2025-3882

eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit th...

eCharge Hardy Barth cPH2 操作系统命令注入漏洞

The eCharge Hardy Barth cPH2 is an electric vehicle charging station from eCharge. The eCharge Hardy Barth cPH2 suffers from an operating system command injection vulnerability that stems from the dest parameter not being properly validated in the nwcheckexec.php endpoint, which could lead to...

GFI Kerio Control 安全漏洞

GFI Kerio Control is a Unified Threat Management UTM solution from GFI Malta. The product includes features such as virus protection, web content filtering and application filtering. A security vulnerability exists in GFI Kerio Control that stems from the Dest parameter on some pages not being...

WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the internet.cgi setaddrouting function's dest parameter failing to properly filter constructed command special character...

PT-2025-2555 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...

VulnCheck KEV: CVE-2024-52875

Several vulnerabilities are present in GFI KerioControl due to improper sanitization of the 'dest' GET parameter used to generate a 'Location' HTTP header. The affected endpoints include /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs. Exploitation could allow...

VulnCheck KEV: CVE-2021-22873

Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However,...