Tigo Energy Cloud Connect Advanced Command Injection Vulnerability

The Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. Tigo Energy Cloud Connect Advanced suffers from a command injection vulnerability due to a flaw in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is invoked. An attacker could exploit the...

The vulnerability of the DEVICE_PING command in the monitoring and control software for solar energy systems, Tigo Cloud Connect Advanced (CCA), allows a hacker to gain unauthorized access to protected information, execute arbitrary commands, or cause service interruptions.

The vulnerability of the DEVICEPING command in the monitoring and management tool for solar energy systems, Tigo Cloud Connect Advanced CCA, is related to the lack of data cleaning at the control level during the processing of the final endpoint /cgi-bin/mobileapi. Exploiting this vulnerability c...

Tigo Energy Cloud Connect Advanced 命令注入漏洞

The Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. Tigo Energy Cloud Connect Advanced suffers from a command injection vulnerability due to a flaw in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is invoked. An attacker could exploit the...

CVE-2025-26320

CVE-2025-26320 affects BroadlinkManager v5.9.1. The vulnerability is an OS command injection via the IP Address parameter in /device/ping. Reported scores show CVSS 3.1: Network vector, low attack complexity, no privileges required, no user interaction, confidentiality/integrity impact Low, avail...