356 matches found

CNNVD
added 2025/12/09 12:0 a.m. | 4 views

Siemens RUGGEDCOM ROX II Command Injection Vulnerability

Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from a command injection vulnerability that is caused by a flaw in the dynamic DNS configuration process. An attacker can exploit the vulnerability to execute...

CVSS 8.8 | AI score 9.6 | EPSS 0.00015
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-49827

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX II versions prior to 2.17.0. Description: A flaw exists in the RUGGEDCOM ROX II family that allows for the injection of additional configuration parameters during Dynamic DNS configuration. An attacker could potentially exploit thi...

CVSS 8.8 | AI score 9.2 | EPSS 0.00015
Exploits: 0 | References: 5

CNNVD
added 2025/11/23 12:0 a.m. | 2 views

D-Link DWR-M920 and D-Link DIR-822K Buffer Error Vulnerability

The D-Link DWR-M920 and D-Link DIR-822K are both products of China-based AUO D-Link. The D-Link DWR-M920 is a router. The D-Link DIR-822K is a wireless router. The D-Link DWR-M920 and D-Link DIR-822K are wireless...

CVSS 9 | AI score 8.8 | EPSS 0.00163
Exploits: 1 | References: 8

OSV
added 2025/11/21 6:19 p.m. | 2 views

RLSA-2025:21038 Important: kea security update

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

CVSS 7.5 | AI score 6.8 | EPSS 0.00028
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/14 12:1 a.m. | 1 views

CVE-2025-60672

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...

CVSS 6.5 | AI score 8.2 | EPSS 0.00293
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/14 12:1 a.m. | 2 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvram_safe_set. These values are later retrieved in th...

CVSS 7.3 | AI score 8.5 | EPSS 0.00964
Exploits: 1 | References: 1

NVD
added 2025/11/13 6:15 p.m. | 1 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvram_safe_set. These values are later retrieved in th...

CVSS 7.3 | EPSS 0.00964
Exploits: 1 | References: 4

CNNVD
added 2025/11/13 12:0 a.m. | 1 views

D-Link DIR-878 Security Vulnerability

The D-Link DIR-878 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-878 version A1FW101B04.bin, which originates from the unvalidated ServerAddress and Hostname parameters in the SetDynamicDNSSettings function, which can lead to remote command...

CVSS 6.5 | AI score 7.1 | EPSS 0.00293
Exploits: 1 | References: 5

Vulnrichment
added 2025/11/13 12:0 a.m. | 2 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvram_safe_set. These values are later retrieved in th...

AI score 8.1 | EPSS 0.00964
Exploits: 1 | References: 4

CVE
added 2025/11/13 12:0 a.m. | 9 views

CVE-2025-60697

Affects: D-Link DIR-882 router firmware (DIR882A1_FW102B02). Vulnerable path: prog.cgi (sub_4438A4) stores user-controlled DDNS fields (ServerAddress, Hostname) in NVRAM via nvram_safe_set; rc (start_DDNS_ipv4) reads them via nvram_safe_get, concatenates into DDNS commands, and executes with twsy...

CVSS 7.3 | AI score 8.2 | EPSS 0.00964
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/11/13 12:0 a.m. | 3 views

CVE-2025-60672

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...

AI score 7.8 | EPSS 0.00293
Exploits: 1 | References: 4

CVE
added 2025/11/13 12:0 a.m. | 13 views

CVE-2025-60672

CVE-2025-60672 affects the D-Link DIR-878A1 router (firmware FW101B04.bin). The vulnerability is an unauthenticated command-injection in the SetDynamicDNSSettings function, where ServerAddress and Hostname parameters in prog.cgi are stored in NVRAM and later used by rc to build system commands ex...

CVSS 6.5 | AI score 7.8 | EPSS 0.00293
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/11/13 12:0 a.m. | 4 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvram_safe_set. These values are later retrieved in th...

EPSS 0.00964
Exploits: 1 | References: 4

OSV
added 2025/11/11 12:0 a.m. | 5 views

ALSA-2025:21038 Important: kea security update

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

CVSS 7.5 | AI score 6.8 | EPSS 0.00028
Exploits: 0 | References: 4

Fedora
added 2025/11/08 1:32 a.m. | 3 views

[SECURITY] Fedora 42 Update: kea-3.0.2-1.fc42

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

CVSS 7.5 | AI score 6.7 | EPSS 0.00028
Exploits: 0

SUSE CVE
added 2025/10/31 12:35 a.m. | 1 views

SUSE CVE-2025-11232

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...

CVSS 7.5 | AI score 6.6 | EPSS 0.00028
Exploits: 0 | References: 5

Tenable Nessus
added 2025/10/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-11232

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To trigger the issue, three configuration parameters must have specific settings: hostname-char-set must be left at the default setting, which is ^A-Za-z0-9.-;...

CVSS 7.5 | AI score 5.4 | EPSS 0.00028
Exploits: 0 | References: 2

EUVD
added 2025/10/29 6:30 p.m. | 2 views

EUVD-2025-36693

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...

CVSS 7.5 | AI score 6.5 | EPSS 0.00028
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/29 3:18 p.m. | 2 views

CVE-2025-34309

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

CVSS 5.4 | AI score 6 | EPSS 0.00034
Exploits: 0 | References: 1

EUVD
added 2025/10/28 6:30 p.m. | 1 views

EUVD-2025-36541

Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...

AI score 6.4 | EPSS 0.00047
Exploits: 0 | References: 3