15 matches found
EUVD-2026-10092
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
CVE-2026-25070
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
CVE-2026-25070 XikeStor SKS8310-8X PingTestSet Command Injection
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
The vulnerability of the fromPingResultGet() function (/goform/setPing) in the Tenda O3 wireless access point software allows a hacker to execute arbitrary code or cause service failure.
The vulnerability of the fromPingResultGet /goform/setPing function in the Tenda O3 wireless access point software lies in the issue of the operation going beyond the buffer in memory when processing the destIP parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code ...
Tenda O3V2 /goform/setPing file buffer overflow vulnerability
Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability, which originates from the failure of the parameter destIP in the file /goform/setPing to correctly validate the length and size of the input data, which can be exploited by an...
CVE-2025-7419
A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the...
CVE-2025-7419 Tenda O3V2 httpd setRateTest fromSpeedTestSet stack-based overflow
A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the...
CVE-2025-7418 Tenda O3V2 httpd setPing fromPingResultGet stack-based overflow
A vulnerability was found in Tenda O3V2 1.0.0.123880 and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched...
The vulnerability of the DestIP parameter in the microprogramming software for industrial Ethernet switches Moxa MGate 5105-MB-EIP allows a hacker to enhance their privileges or execute arbitrary code.
The vulnerability of the DestIP parameter in the microprogrammed industrial Ethernet switch Moxa MGate 5105-MB-EIP relates to the lack of measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow a remote attacker to increase their...
VulnCheck KEV: CVE-2013-5948
The Network Analysis tab MainAnalysisContent.asp in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field destIP parameter...
Moxa MGate 5105-MB-EIP OS Command Injection Vulnerability
The MGate 5105-MB-EIP is an industrial Ethernet gateway that supports MQTT or third-party cloud services e.g., Azure and Alibaba Cloud to build Modbus RTU/ASCII/TCP and EtherNet/IP network communications for IIoT applications. An operating system command injection vulnerability exists in the...
CVE-2020-8858
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from...
CVE-2018-15887
MainAnalysisContent.asp in ASUS DSL-N12EC1 1.1.2.3345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request...
CVE-2018-9285
MainAnalysisContent.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.38410007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before...
PT-2014-3002
Name of the Vulnerable Software and Affected Versions: ASUS RT-AC68U and other RT series routers versions prior to 3.0.0.4.374.5047 Description: The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the destIP parameter in the Target field of the...