14 matches found
EUVD-2026-10092
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
CVE-2026-25070
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
CVE-2026-25070 XikeStor SKS8310-8X PingTestSet Command Injection
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
Tenda O3V2 /goform/setPing file buffer overflow vulnerability
Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability, which originates from the failure of the parameter destIP in the file /goform/setPing to correctly validate the length and size of the input data, which can be exploited by an...
CVE-2025-7419
A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the...
CVE-2025-7419 Tenda O3V2 httpd setRateTest fromSpeedTestSet stack-based overflow
A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the...
CVE-2025-7418 Tenda O3V2 httpd setPing fromPingResultGet stack-based overflow
A vulnerability was found in Tenda O3V2 1.0.0.123880 and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched...
The vulnerability of the DestIP parameter in the microprogramming software for industrial Ethernet switches Moxa MGate 5105-MB-EIP allows a hacker to enhance their privileges or execute arbitrary code.
The vulnerability of the DestIP parameter in the microprogrammed industrial Ethernet switch Moxa MGate 5105-MB-EIP relates to the lack of measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow a remote attacker to increase their...
VulnCheck KEV: CVE-2013-5948
The Network Analysis tab MainAnalysisContent.asp in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field destIP parameter...
Moxa MGate 5105-MB-EIP OS Command Injection Vulnerability
The MGate 5105-MB-EIP is an industrial Ethernet gateway that supports MQTT or third-party cloud services e.g., Azure and Alibaba Cloud to build Modbus RTU/ASCII/TCP and EtherNet/IP network communications for IIoT applications. An operating system command injection vulnerability exists in the...
CVE-2020-8858
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from...
CVE-2018-15887
MainAnalysisContent.asp in ASUS DSL-N12EC1 1.1.2.3345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request...
CVE-2018-9285
MainAnalysisContent.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.38410007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before...
PT-2014-3002
Name of the Vulnerable Software and Affected Versions: ASUS RT-AC68U and other RT series routers versions prior to 3.0.0.4.374.5047 Description: The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the destIP parameter in the Target field of the...