Lucene search
K

17 matches found

Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.13 views

PT-2026-8243

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag ping.php endpoint with script payloads ...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.9 views

Deciso OPNsense 跨站脚本漏洞

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Version 19.1 of Decivo OPNsense contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the host parameter in the diagping.php endpoint, which ma...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/16 7:24 p.m.6 views

CVE-2025-10401

A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diagping. Performing manipulation of the argument targetaddr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...

8.8CVSS6.8AI score0.0815EPSS
Exploits1References1
OSV
OSV
added 2025/09/14 4:15 p.m.5 views

CVE-2025-10401

A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diagping. Performing manipulation of the argument targetaddr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...

8.8CVSS5.6AI score0.0815EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/14 3:32 p.m.17 views

CVE-2025-10401 D-Link DIR-823x diag_ping command injection

A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diagping. Performing manipulation of the argument targetaddr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...

6.5CVSS0.0815EPSS
Exploits1References5
CVE
CVE
added 2025/09/14 3:32 p.m.17 views

CVE-2025-10401

CVE-2025-10401 concerns the D-Link DIR-823x family (firmware up to 250416). The vulnerability exists in the diag_ping handling (file path /goform/diag_ping) where manipulation of the target_addr argument enables arbitrary command execution via a command-injection flaw. It is a remote exploit with...

8.8CVSS6.6AI score0.0815EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/09/14 12:0 a.m.4 views

D-Link DIR-823X 命令注入漏洞

The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter targetaddr in the fi...

8.8CVSS7.8AI score0.0815EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.6 views

PT-2025-37415

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823x versions up to 250416 Description: A command injection issue exists in D-Link DIR-823x firmware. The issue is located in an unknown function within the /goform/diag ping file. Manipulation of the target addr argument allows fo...

6.5CVSS6.4AI score0.0815EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/05/23 2:34 a.m.7 views

CVE-2023-32632

A command execution vulnerability exists in the validate.so diagpingstart functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...

9.8CVSS7.3AI score0.01212EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.6 views

The vulnerability of the setNetworkDiag function in TOTOLINK CA300-PoE router microprogramming software allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the setNetworkDiag function in TOTOLINK CA300-PoE router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibili...

10CVSS7.7AI score0.01946EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.4 views

Overtek OT-E801G 安全漏洞

The Overtek OT-E801G is a network device from Overtek. Overtek OT-E801G OTE801G65.1.1.0 has a security vulnerability that originates from the file /diagping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd& ipversion=4&sessionKey=test causes OS command injection...

6.5CVSS6.7AI score0.01795EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.4 views

EnGenius多款产品 注入漏洞

The EnGenius ENH1350EXT and others are an outdoor wireless access point from EnGenius. An injection vulnerability exists in several EnGenius products, which stems from a mis-manipulation of the parameter diagping that can lead to command injection. The following products are affected: EnGenius...

7.2CVSS5.4AI score0.27489EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.5 views

PT-2024-17164 · Engenius · Engenius Ens500-Ac +2

Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT versions up to 20241118 EnGenius ENS500-AC versions up to 20241118 EnGenius ENS620EXT versions up to 20241118 Description: A critical vulnerability was found in the specified EnGenius devices, affecting the file...

7.2CVSS5.5AI score0.27489EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.7 views

PT-2024-33071 · Linksys · Linksys E3000

Name of the Vulnerable Software and Affected Versions: Linksys E3000 version 1.0.06.002 US Description: The issue is related to command injection via the diag ping start function. Recommendations: For Linksys E3000 version 1.0.06.002 US, consider disabling the diag ping start function until a pat...

8CVSS7.8AI score0.12449EPSS
Exploits1References2
OSV
OSV
added 2023/02/03 4:15 p.m.6 views

CVE-2023-24140

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function...

9.8CVSS7.3AI score0.01946EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/02/03 12:0 a.m.5 views

TOTOLINK CA300-PoE 命令注入漏洞

The TOTOLINK CA300-PoE is a wireless access point from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884, which is caused by a command injection issue in the NetDiagPingNum parameter of the setNetworkDiag method...

9.8CVSS8.5AI score0.01946EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.6 views

PT-2022-8676 · Optilink · Optilink Op-Xt71000N

Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N version 2.2 Description: The issue is related to Remote Code Execution. It occurs when an attacker sends arbitrary code to the "/diag ping admin.asp" API endpoint, specifically to the "PingTest" interface, leading to...

9.8CVSS8.3AI score0.02088EPSS
Exploits0References4
Rows per page
Query Builder