28 matches found

CVE
added 2026/05/19 3:58 p.m. · 6 views

CVE-2026-5511

The CVE-2026-5511 entry affects TP-Link Archer AX72 (SG) in its web management interface. The network diagnostic feature improperly handles invalid input, allowing an authenticated administrator to confirm the diagnostic utility’s presence and view its valid command-line syntax and options. The i...

CVSS 4.6 · AI score 5.8 · EPSS 0.0003
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2026/05/19 3:58 p.m. · 5 views

CVE-2026-5511 Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72

In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...

CVSS 4.6 · AI score 5.8 · EPSS 0.0003
Exploits 0 · References 2
Cvelist
added 2026/05/19 3:58 p.m. · 30 views

CVE-2026-5511 Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72

In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...

CVSS 4.6 · EPSS 0.0003
Exploits 0 · References 2
NVD
added 2026/03/23 1:16 p.m. · 2 views

CVE-2026-31847

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...

CVSS 8.8 · EPSS 0.0009
Exploits 0 · References 2
CVE
added 2026/03/23 12:7 p.m. · 7 views

CVE-2026-31847

CVE-2026-31847 concerns Nexxt Solutions Nebula 300+ devices running firmware up to 12.01.01.37. A hidden functionality in the /goform/setSysTools endpoint can remotely enable Telnet, which then exposes a privileged diagnostic management interface over the network. This increases attack surface an...

CVSS 8.8 · AI score 5.9 · EPSS 0.0009
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2026/03/23 12:7 p.m. · 2 views

CVE-2026-31847 Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...

CVSS 8.5 · AI score 5.9 · EPSS 0.0009
Exploits 0 · References 2
Positive Technologies
added 2026/03/23 12:0 a.m. · 1 view

PT-2026-27114

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface...

CVSS 8.5 · AI score 5.8 · EPSS 0.0009
Exploits 0 · References 3
GithubExploit
added 2025/12/16 10:21 a.m. · 163 views

Exploit for CVE-2025-67780

MARMALADE 2/CVE-2025-67780 Exploit PoC Exploit PoCs for MARM...

CVSS 4.2 · AI score 7.6 · EPSS 0.00018
Exploits 1
Positive Technologies
added 2025/11/04 12:0 a.m. · 3 views

PT-2025-44921

Name of the Vulnerable Software and Affected Versions: Core Services (affected versions not specified). Description: An information disclosure issue exists when registering commands from clients using diag through diagHal. The issue involves a buffer over-read. Recommendations: At the moment, there is ...

CVSS 6.1 · AI score 6.5 · EPSS 0.00016
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2013-2994

Malware in sbrugna...

CVSS 9.3 · AI score 6.4 · EPSS 0.02744
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-19399

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.4 · EPSS 0.01002
Exploits 1 · References 3
NVD
added 2025/08/01 9:15 p.m. · 2 views

CVE-2013-10059

An authenticated OS command injection vulnerability exists in various D-Link routers tested on DIR-615H1 running firmware version 8.04 via the toolsvct.htm endpoint. The web interface fails to sanitize input passed from the pingipaddr parameter to the toolsvct.htm diagnostic interface, allowing...

CVSS 8.6 · EPSS 0.72383
Exploits 1 · References 5
Cvelist
added 2025/08/01 8:38 p.m. · 4 views

CVE-2013-10059 D-Link Routers tools_vct.htm OS Command Injection

An authenticated OS command injection vulnerability exists in various D-Link routers tested on DIR-615H1 running firmware version 8.04 via the toolsvct.htm endpoint. The web interface fails to sanitize input passed from the pingipaddr parameter to the toolsvct.htm diagnostic interface, allowing...

CVSS 8.6 · EPSS 0.72383
Exploits 1 · References 5
Vulnrichment
added 2025/08/01 8:38 p.m. · 2 views

CVE-2013-10059 D-Link Routers tools_vct.htm OS Command Injection

An authenticated OS command injection vulnerability exists in various D-Link routers tested on DIR-615H1 running firmware version 8.04 via the toolsvct.htm endpoint. The web interface fails to sanitize input passed from the pingipaddr parameter to the toolsvct.htm diagnostic interface, allowing...

CVSS 8.6 · AI score 7.6 · EPSS 0.72383
Exploits 1 · References 5
RedhatCVE
added 2025/05/23 8:6 a.m. · 3 views

CVE-2024-22387

External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher...

CVSS 6.8 · AI score 6.5 · EPSS 0.00117
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 10:31 a.m. · 4 views

CVE-2019-14021

Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lack of check for filename length and payload size received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in...

CVSS 7.8 · AI score 7.4 · EPSS 0.00033
Exploits 0 · References 1
CNNVD
added 2024/10/29 12:0 a.m. · 1 view

ZTE MF258 Pro Security Vulnerability

ZTE MF258 Pro is a desktop router from ZTE Corporation (ZTE), China. A security vulnerability exists in ZTE MF258 Pro version 1.0.0B03; it originates from insufficient validation of Ping diagnostic interface parameters, resulting in a command injection vulnerability...

CVSS 8.8 · AI score 7.4 · EPSS 0.00323
Exploits 0 · References 1
Positive Technologies
added 2024/07/10 12:0 a.m. · 1 view

PT-2024-19380 · Gallagher · Gallagher Controller 6000 +1

Name of the Vulnerable Software and Affected Versions: Gallagher Controller 6000 and 7000 versions 8.60 and prior; Gallagher Controller 6000 and 7000 versions 8.70 prior to vCR8.70.240520a; Gallagher Controller 6000 and 7000 versions 8.80 prior to vCR8.80.240520a; Gallagher Controller 6000 and 7000...

CVSS 6.8 · AI score 6.8 · EPSS 0.00117
Exploits 0 · References 6
OSV
added 2024/05/28 4:15 p.m. · 1 view

CVE-2024-21785

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 9.8 · AI score 5.8 · EPSS 0.01002
Exploits 1 · References 3
NVD
added 2024/05/28 4:15 p.m. · 12 views

CVE-2024-21785

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 9.8 · AI score 9.4 · EPSS 0.01002
Exploits 1 · References 3