35 matches found
EUVD-2026-30955
In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...
CVE-2026-5511
In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...
CVE-2026-1735 Yealink MeetingBar A30 Diagnostic command injection
A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...
Arista Edge Threat Management - Arista Next Generation Firewall Versions Security Vulnerability
Arista Edge Threat Management - Arista Next Generation Firewall Versions is a next-generation firewall from Arista USA. A security vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall Versions that stems from a diagnostic command injection flaw...
EUVD-2023-31725
Malicious code in bioql PyPI...
upload-server-for-novi-software-security
project: "TP-Link TL-WR841N Firmware Security Assessment" descr...
CVE-2020-6648
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users' passwords by connecting to FortiGate CLI and executi...
CVE-2019-14094
Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT...
U.S. Dept Of Defense: Unauthenticated LFI (Local File Inclusion) using the symbol `!` At the target `https://████/`
The endpoint at https://████/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/ was vulnerable to unauthenticated local file inclusion using the symbol '!'. This allowed reading local files on the server, such as /etc/passwd and /etc/crontab...
PT-2023-24141 · Qualcomm · 315 5G Iot Modem Firmware +220
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption when using the UIM diag command to retrieve the operator's name. No information is provided about the estimated...
PT-2022-9970 · Qualcomm · Snapdragon Compute +6
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to a possible buffer overflow due to the lack of a range check while processing a DIAG command for COEX management. This affects various Qualcomm Snapdragon...
Buffer Error Vulnerability in Multiple Qualcomm Products
Qualcomm MDM9206 and others are products of Qualcomm Incorporated (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. MDM9640 is a central...
Cisco IOS XE elevation of privilege vulnerability (CNVD-2021-22187)
Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in the diagnostic command of the Plug and Play (PnP) subsystem of Cisco IOS XE. The vulnerability stems from inadequate protection of...
CVE-2021-1442
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of...
CVE-2021-1390
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This...
CVE-2021-1442 Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of...
CVE-2021-1442
CVE-2021-1442 describes a privilege-escalation in Cisco IOS XE’s Plug-and-Play (PnP) subsystem. An authenticated, local attacker can exploit the diagnostic CLI (show pnp profile) on a device with a specific PnP listener enabled to obtain a privileged authentication token and execute privileged co...
Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of...
Cisco IOS XE Software Security Vulnerability
Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A local elevation of privilege vulnerability exists in one of the diagnostic test CLI commands for Cisco IOS XE. The vulnerability stems from the fact that the affected software...