12 matches found
📄 ZTE ZXHN H188A V6 Authentication Bypass
Unauthenticated requests to the root path of ZTE ZXHN H188A V6 firmware can reach pre-login wizard handlers and disclose WLAN PSKs, SSIDs, and PPPoE usernames. The leaked Wi-Fi password is also the default administrator password after uppercasing, resulting in full authentication bypass. -----BEG...
CVE-2026-23759 Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...
CVE-2025-14237
Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...
PT-2025-47492
Name of the Vulnerable Software and Affected Versions bridgetech probes VB220 IP Network Probe, VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD versions 6.5.0-9 Description An issue exists that allows attackers to gain sensitive...
CVE-2025-29519
A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request...
CVE-2025-29516
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function...
CVE-2023-46344
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting XSS vulnerability in the switch group function under /ilang=DE&b=csmartenergyswgroups in the web...
Peplink Surf SOHO HW1 Operating System Command Injection Vulnerability
The Peplink Surf SOHO HW1 is a small router from Peplink. An OS command injection vulnerability exists in Peplink Surf SOHO HW1 v6.3.5, which stems from an OS command injection vulnerability in the api.cgi cmd.mvpn.x509.write function. An attacker can exploit this vulnerability to execute command...
CVE-2022-28492
TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login...
CVE-2022-45854
An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50ABTG.0C0, which could allow a LAN attacker to cause a temporary denial-of-service DoS by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker...
D-Link DAP-1360 Elevation of Privilege Vulnerability
The D-Link DAP-136 is a wireless network signal extender from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DAP-1360 all Fx hardware versions using firmware version v6.13EUb01 and earlier. An attacker could exploit the vulnerability to start a remote terminal protocol...
CVE-2017-17738
The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below allows renaming and modifying files via /tools.html...