17 matches found
PT-2026-36601
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-821DAP versions prior to 1.12B01 Description: A flaw in the Firmware Update component allows remote OS command injection. The issue exists within the tools diagnostic function located in the /tmp/diagnostic file. This allows a remo...
TRENDnet TEW-821DAP Command Injection Vulnerability
TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. Versions of TRENDnet TEW-821DAP prior to 1.12B01 contained a command injection vulnerability. This vulnerability stemmed from improper operation of the toolsdiagnostic function, which could lead to OS command injections...
EUVD-2021-8898
Malicious code in bioql PyPI...
CVE-2021-21726
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:...
CVE-2018-16217
The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...
CVE-2024-11253
A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50ABOM.8.5C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a...
CVE-2024-9200
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15ABQA.2.2C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable devi...
CVE-2024-9200
CVE-2024-9200 describes a post-authentication command injection in the Zyxel VMG4005-B50A diagnostic function via the vulnerable host parameter. A user with administrator privileges can trigger OS commands on the device. Affected firmware: through V5.15(ABQA.2.2)C0. Root cause: lack of input hand...
PT-2024-9042 · Zyxel · Zyxel Vmg4005-B50A
Name of the Vulnerable Software and Affected Versions: Zyxel VMG4005-B50A firmware versions through V5.15ABQA.2.2C0 Description: The issue is related to a post-authentication command injection vulnerability in the host parameter of the diagnostic function. This vulnerability could allow an...
D-Link DWR-2000M Command Injection Vulnerability
The D-Link DWR-2000M is a wireless router from China AUO D-Link. A security vulnerability exists in the D-Link DWR-2000M. A local attacker can exploit the vulnerability to execute arbitrary code by sending a crafted payload to the diagnostic function...
CVE-2021-21726
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:...
Input validation
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:...
CVE-2021-21726
CVE-2021-21726 affects ZTE ZXONE series (ZXONE 9700, ZXONE 8700, ZXONE 19700) with specific firmware/version identifiers (e.g., V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set). The vulnerability is an input verification flaw in the diagnostic function interface caused by insuff...
CVE-2021-21726
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:...
CVE-2018-16217
The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...
Heap overflow
Unspecified vulnerability in the Modbus/TCP Diagnostic function in MiniHMI.exe for the Automated Solutions Modbus Slave ActiveX Control before 1.5 allows remote attackers to corrupt the heap and possibly execute arbitrary code via malformed Modbus requests to TCP port 502...
openmotif libUil buffer overflows
Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allow attackers to execute arbitrary code via the (1) diagissuediagnostic function in UilDiags.c and (2) opensourcefile function in UilSrcSrc.c...