CVE-2022-37406

Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...

CVE-2021-47745

CVE-2021-47745 affects Cypress Solutions CTM-200 firmware 2.7.1. The authenticated command injection occurs in the firmware upgrade script via the fw_url parameter in ctm-config-upgrade.sh, allowing a remote attacker to inject and execute arbitrary commands with root privileges. CVSS metrics indi...

CVE-2025-9146 Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption

A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verifygemtekheader of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high leve...

D-Link DIR-822 安全漏洞

The D-Link DIR-822 is a wireless router from China-based AUO D-Link. A security vulnerability exists in D-Link DIR-822+ version V1.0.5, which originates from a command injection in the ftext function of uploadfirmware.cgi, allowing remote attackers to execute arbitrary commands via a shell...