7 matches found
CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
CVE-2022-45551
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint...
CVE-2022-45551
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint...
PT-2023-14702 · Shenzhen Zhiboton Electronics · Zbt We1626 Router
Name of the Vulnerable Software and Affected Versions: Shenzhen Zhiboton Electronics ZBT WE1626 Router version 21.06.18 Description: An issue in the router allows attackers to escalate privileges via the WGET command to the "Network Diagnosis" endpoint. Recommendations: For Shenzhen Zhiboton...
CVE-2022-45551
CVE-2022-45551 concerns Shenzhen Zhiboton Electronics ZBT WE1626 Router (version 21.06.18). The issue allows attackers to escalate privileges via the WGET command to the router’s Network Diagnosis endpoint. Affected component/flow appears to be the URL used for network diagnosis, with root cause ...
CVE-2022-45551
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint...
PT-2022-23828 · D Link · D-Link Dir-878 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 versions A2 v1.10CNB04 D-Link DIR-878 version DIR 878 FW1.30B08 Description: A command injection issue occurs in the /goform/Diagnosis endpoint, where the setnum variable is spliced into v10 by snprintf, allowing system executi...