EUVD-2021-27588

Malicious code in bioql PyPI...

The vulnerability of the bs_SetDNSInfo() function in the libshare-0.0.26.so library of the LB-LINK router software allows a attacker to execute arbitrary commands.

The vulnerability of the bsSetDNSInfo function in the libshare-0.0.26.so library of the LB-LINK router software is related to the lack of data cleaning measures at the management level when processing the parameters dns1 and dns2. Exploiting this vulnerability allows a remote attacker to execute...

CVE-2019-5072

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection in the DNS2 post...

CVE-2024-36728

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlansetting with a sufficiently long dns1 or dns 2 key...

The vulnerability of the SetLocalLink-dns2 component of the Reolink RLC-410W camera’s software allows a intruder to execute arbitrary commands.

The vulnerability of the SetLocalLink-dns2 component of the Reolink RLC-410W video camera software exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVE-2022-24144

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters...

Command injection

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters...

CVE-2022-24144

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters...

CVE-2021-40411

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 6 the dnsdata-dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS...

CVE-2019-5072

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection in the DNS2 post...

Command injection

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection in the DNS2 post...

Foscam IP Video Camera CGIProxy.fcgi DNS2 Address Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...

FiberHome Modem Router HG-110 Authentication Bypass

Exploit Title: Directory Path Traversal FiberHome Modem Router HG-110 / Remote Change DNS Servers Date: 22/09/2013 Exploit Author: Javier Perez - [email protected] - @thes41nt Vendor Homepage: http://hk.fiberhomegroup.com/ Version: HG110BHV1.6 PoC: Remote Change DNS Servers Example file...