17 matches found
PT-2026-8243
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag ping.php endpoint with script payloads ...
Deciso OPNsense 跨站脚本漏洞
Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Version 19.1 of Decivo OPNsense contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the host parameter in the diagping.php endpoint, which ma...
CVE-2025-10401
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diagping. Performing manipulation of the argument targetaddr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...
CVE-2025-10401
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diagping. Performing manipulation of the argument targetaddr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...
CVE-2025-10401 D-Link DIR-823x diag_ping command injection
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diagping. Performing manipulation of the argument targetaddr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...
CVE-2025-10401
CVE-2025-10401 concerns the D-Link DIR-823x family (firmware up to 250416). The vulnerability exists in the diag_ping handling (file path /goform/diag_ping) where manipulation of the target_addr argument enables arbitrary command execution via a command-injection flaw. It is a remote exploit with...
D-Link DIR-823X 命令注入漏洞
The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter targetaddr in the fi...
PT-2025-37415
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823x versions up to 250416 Description: A command injection issue exists in D-Link DIR-823x firmware. The issue is located in an unknown function within the /goform/diag ping file. Manipulation of the target addr argument allows fo...
CVE-2023-32632
A command execution vulnerability exists in the validate.so diagpingstart functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...
The vulnerability of the setNetworkDiag function in TOTOLINK CA300-PoE router microprogramming software allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the setNetworkDiag function in TOTOLINK CA300-PoE router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibili...
Overtek OT-E801G 安全漏洞
The Overtek OT-E801G is a network device from Overtek. Overtek OT-E801G OTE801G65.1.1.0 has a security vulnerability that originates from the file /diagping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd& ipversion=4&sessionKey=test causes OS command injection...
EnGenius多款产品 注入漏洞
The EnGenius ENH1350EXT and others are an outdoor wireless access point from EnGenius. An injection vulnerability exists in several EnGenius products, which stems from a mis-manipulation of the parameter diagping that can lead to command injection. The following products are affected: EnGenius...
PT-2024-17164 · Engenius · Engenius Ens500-Ac +2
Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT versions up to 20241118 EnGenius ENS500-AC versions up to 20241118 EnGenius ENS620EXT versions up to 20241118 Description: A critical vulnerability was found in the specified EnGenius devices, affecting the file...
PT-2024-33071 · Linksys · Linksys E3000
Name of the Vulnerable Software and Affected Versions: Linksys E3000 version 1.0.06.002 US Description: The issue is related to command injection via the diag ping start function. Recommendations: For Linksys E3000 version 1.0.06.002 US, consider disabling the diag ping start function until a pat...
CVE-2023-24140
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function...
TOTOLINK CA300-PoE 命令注入漏洞
The TOTOLINK CA300-PoE is a wireless access point from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884, which is caused by a command injection issue in the NetDiagPingNum parameter of the setNetworkDiag method...
PT-2022-8676 · Optilink · Optilink Op-Xt71000N
Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N version 2.2 Description: The issue is related to Remote Code Execution. It occurs when an attacker sends arbitrary code to the "/diag ping admin.asp" API endpoint, specifically to the "PingTest" interface, leading to...