9 matches found
VulnCheck KEV: CVE-2020-35714
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program...
CVE-2025-9528
A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...
CVE-2025-9528 Linksys E1700 systemCommand os command injection
A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...
CVE-2025-9528 Linksys E1700 systemCommand os command injection
A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...
Linksys E1700 安全漏洞
The Linksys E1700 is a wireless router from Linksys, USA. A security vulnerability exists in Linksys E1700 version 1.0.0.4.003, which stems from an incorrect operation of the parameter command in the file /goform/systemCommand resulting in os command injection...
PT-2022-23826 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB04 Description: The issue is related to Command Injection via the "/goform/SystemCommand" API endpoint. When a user passes in the command parameter, it is spliced into byte 4836B0 by snprintf, and then...
D-Link DIR-816 操作系统命令注入漏洞
The D-Link DIR-816 is a wireless router from China's AUO D-Link. The D-Link DIR-816 A2v1.10CNB04.img suffers from an operating system command injection vulnerability that stems from susceptibility to a command injection attack via /goform/SystemCommand, where the user passes in command parameters...
CVE-2020-35714
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program...
CVE-2017-12577
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...