16 matches found
CVE-2026-42364
CVE-2026-42364 concerns a command-injection in the GeoVision LPC2011/LPC2211 web interface. The vulnerability resides in the DdnsSetting.cgi endpoint of version 1.10, where a specially crafted DDNS configuration can trigger arbitrary command execution. The description notes an attacker can modify...
EUVD-2026-19547
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed...
CVE-2026-5688
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed...
EUVD-2018-8412
Malware in sbrugna...
EUVD-2019-10628
Malware in sbrugna...
EUVD-2019-10632
Malware in sbrugna...
CVE-2019-20076
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter DynDns settings of the Dynamic DNS Configuration...
CVE-2019-20072
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter Dynamic DNS Configuration...
The vulnerability of the formSetSysToolDDNS function in the /goform/SetDDNSCfg file of the Tenda AX1803 router’s microprogramming system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formSetSysToolDDNS function in the /goform/SetDDNSCfg file of the Tenda AX1803 router’s microprogramming system is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of...
CVE-2024-4236
A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack ma...
CVE-2019-20072
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter Dynamic DNS Configuration...
Design/Logic Flaw
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter DynDns settings of the Dynamic DNS Configuration...
Design/Logic Flaw
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter Dynamic DNS Configuration...
CVE-2019-20072
CVE-2019-20072 corresponds to a cross-site scripting vulnerability in Netis DL4323 devices, exploitable via the hostname parameter in form2Ddns.cgi used for Dynamic DNS configuration. The issue stems from insufficient input validation in the web application, enabling execution of arbitrary client...
CVE-2019-20076
CVE-2019-20076 concerns the Netis DL4323 modem, where a stored/reflected cross-site scripting (XSS) vulnerability exists in the DynDns settings page due to the username parameter in form2Ddns.cgi. The issue stems from insufficient input validation in the WEB application, enabling an attacker to i...
CVE-2018-16605
The CVE-2018-16605 entry pertains to D-Link DIR-600M devices where an XSS vulnerability exists in the Dynamic DNS Configuration page, specifically via the Hostname and Username fields. The vulnerability allows remote attackers to inject arbitrary web script or HTML when interacting with these fie...