CVE-2025-60693

A stack-based buffer overflow exists in the getmergemac function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to six user-supplied CGI parameters matching 05 into a fixed-size buffer a2 without proper bounds checking, appending...

EUVD-2019-5848

Malware in sbrugna...

CVE-2019-14699

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server...

CVE-2021-44080

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

Command injection

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

CVE-2021-44080

The CVE-2021-44080 entry affects SerComm h500s routers (FW lowi-h500s-v3.4.22). The vulnerability is a command-injection in the httpd web server’s setup.cgi, exploitable by a logged-in administrator via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint, enabling ...

CVE-2021-44080

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

Buffer overflow

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19multiTD01, AC9 V1.0 V15.03.05.196318CN, AC9 V3.0 V15.03.06.42multi, AC15 V1.0 V15.03.05.19multiTD01, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the...

CVE-2020-13389

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19multiTD01, AC9 V1.0 V15.03.05.196318CN, AC9 V3.0 V15.03.06.42multi, AC15 V1.0 V15.03.05.19multiTD01, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the...

CVE-2019-14699

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server...

CVE-2019-14698

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account...

Command injection

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server...

Buffer overflow

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account...

CVE-2019-14698

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account...

CVE-2019-14698

MicroDigital N-series cameras (firmware up to 6400.0.8.5) expose a vulnerability in a CGI program running under the HTTPD web server. A buffer overflow in the param parameter allows remote code execution in the nobody context. This is a server-side flaw in the CGI component and is stated as enabl...

CVE-2018-14559

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44CNAC7, AC9 devices with firmware through V15.03.05.196318CNAC9, and AC10 devices with firmware through V15.03.06.23CNAC10. A buffer overflow vulnerability exists in the router's web server httpd. When processing the li...

CVE-2018-18727

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request,...

Null pointer dereference

The token processing system pki-tps in Red Hat Certificate System RHCS before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service NULL pointer dereference and Apache httpd web server child process crash via unspecifie...

CVE-2012-4555

CVE-2012-4555 affects Red Hat Certificate System (RHCS) pki-tps before version 8.1.3. The vulnerability arises from improper handling of interruptions during token format operations, allowing a remote attacker to cause a denial of service via a NULL pointer dereference, crashing the Apache httpd ...

CVE-2012-4556

The token processing system pki-tps in Red Hat Certificate System RHCS before 8.1.3 allows remote attackers to cause a denial of service Apache httpd web server child process restart via certain unspecified empty search fields in a user certificate search query...