10 matches found
CVE-2025-60687
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619B20230130 within the cstecgi.cgi binary sub41EC68 function. The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is the...
EUVD-2025-175303
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619B20230130 within the cstecgi.cgi binary sub41EC68 function. The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is the...
CVE-2025-60687
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619B20230130 within the cstecgi.cgi binary sub41EC68 function. The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is the...
CVE-2025-60687
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619B20230130 within the cstecgi.cgi binary sub41EC68 function. The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is the...
CVE-2025-60687
Totolink LR1200GB Router firmware V9.1.0u.6619_B20230130 is affected by an unauthenticated command-injection in the cstecgi.cgi binary (sub_41EC68). The binary reads the imei parameter, only checks length (15 chars), then inserts it into a system command via sprintf() and executes it with system(...
CVE-2025-60687
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619B20230130 within the cstecgi.cgi binary sub41EC68 function. The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is the...
CVE-2025-60687
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619B20230130 within the cstecgi.cgi binary sub41EC68 function. The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is the...
CVE-2024-2566
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/getextensionyl.php. The manipulation of the argument imei leads to sql...
Fujian Kelixin Command and Dispatch Platform SQL Injection Vulnerability
Fujian Kelixin Command and Dispatch Platform is a command and dispatch platform from Fujian Kelixin Company. A SQL injection vulnerability exists in Fujian Kelixin Command and Dispatch Platform version 20240313 and earlier versions, which stems from an incorrect operation of the parameter imei th...
PT-2024-21076 · Fujian Kelixin · Fujian Kelixin Communication Command/Dispatch Platform
Name of the Vulnerable Software and Affected Versions: Fujian Kelixin Communication Command and Dispatch Platform up to 20240313 Description: A critical issue affects an unknown functionality of the file api/client/get extension yl.php. The manipulation of the imei argument leads to SQL injection...