57 matches found

Positive Technologies
added 2025/08/27 12:0 a.m. · 2 views

PT-2025-34904 · Unknown · Raspap Raspap-Webgui

Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui versions prior to 3.3.3 Description: A command injection issue exists in the includes/hostapd.php script due to improper sanitization of user input passed via the interface parameter. Recommendations: Update RaspAP...

CVSS 9.8 · AI score 7 · EPSS 0.03838
Exploits: 2 · References: 5

Vulnrichment
added 2025/08/27 12:0 a.m. · 1 views

CVE-2025-50428

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter...

AI score 7.1 · EPSS 0.03838
Exploits: 2 · References: 2

GithubExploit
added 2025/08/13 8:8 p.m. · 289 views

Exploit for CVE-2025-50428

CVSS 9.8 · AI score 9.2 · EPSS 0.03838
Exploits: 2

RedhatCVE
added 2025/05/23 3:16 a.m. · 2 views

CVE-2023-22921

A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) condition...

CVSS 7.5 · AI score 5.7 · EPSS 0.0046
Exploits: 0 · References: 1

CNNVD
added 2025/05/05 12:0 a.m. · 1 views

NETGEAR RAX5 Security Vulnerability

The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability that stems from the iface parameter in the vifdisable function failing to correctly filter constructed command special characters, commands, and so on. An attacker can exploit this...

CVSS 9.8 · AI score 8 · EPSS 0.08109
Exploits: 1 · References: 1

SUSE CVE
added 2025/04/11 9:55 a.m. · 3 views

SUSE CVE-2012-0410

Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter...

CVSS 5 · AI score 7 · EPSS 0.02592
Exploits: 0 · References: 4

CVE
added 2025/01/14 2:21 p.m. · 50 views

CVE-2024-39765

CVE-2024-39765 affects Wavlink AC3000 (M33A8.V5030.210505). Talos-reported vulnerabilities in internet.cgi set_add_routing() allow OS command injection via the custom_interface POST parameter, potentially enabling arbitrary command execution after authentication. The exploit path involves constru...

CVSS 9.1 · AI score 7.6 · EPSS 0.00578
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2025/01/10 12:0 a.m. · 2 views

Linksys E7350 Security Vulnerability

The Linksys E7350 is a wireless router device from Leadsys. An input validation vulnerability exists in the handling of the iface parameter by the Linksys E7350 vifdisable function, which can be exploited by a remote attacker to submit a special request that can be used in the application context...

CVSS 8 · AI score 7.1 · EPSS 0.00847
Exploits: 1 · References: 1

Positive Technologies
added 2025/01/10 12:0 a.m. · 2 views

PT-2025-3417 · Linksys · Linksys E7350

Name of the Vulnerable Software and Affected Versions: Linksys E7350 version 1.1.00.032 Description: A command injection issue was discovered via the iface parameter in the vif enable function. This allows for potential exploitation. Recommendations: For Linksys E7350 version 1.1.00.032, as a...

CVSS 8 · AI score 7.5 · EPSS 0.00847
Exploits: 1 · References: 5

CNNVD
added 2024/12/27 12:0 a.m. · 0 views

Smarts Smart Agent Security Vulnerability

Smarts Smart Agent is a powerful, flexible and scalable tool from Smarts for monitoring wireless network performance and services from the end user's perspective. An SQL injection vulnerability exists in Smarts Smart Agent v1.1.0, which stems from a lack of validation of externally entered SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.00201
Exploits: 1 · References: 2

Positive Technologies
added 2024/07/18 12:0 a.m. · 2 views

PT-2024-8116 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: A command injection issue exists due to the lack of neutralization of special elements used in the operating system command. This issue is related to the vif disable function and can ...

CVSS 7.7 · AI score 8.4 · EPSS 0.00234
Exploits: 1 · References: 6

CNNVD
added 2024/07/08 12:0 a.m. · 1 views

Realtek rtl819x Jungle SDK Security Vulnerability

The Realtek rtl819x Jungle SDK is a driver for a wireless LAN chip from China-based Realtek Semiconductor (Realtek). A security vulnerability exists in Realtek rtl819x Jungle SDK version v3.4.11, which originates from a stack-based buffer overflow vulnerability in the boa setRadvdInterfaceParam...

CVSS 7.2 · AI score 7.3 · EPSS 0.0731
Exploits: 1 · References: 2

Positive Technologies
added 2024/06/20 12:0 a.m. · 2 views

PT-2024-27683 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version 1.0.1-B20201211.2000 Description: A command injection issue allows a remote attacker to execute arbitrary code via the iface parameter in the vif enable function. This enables the attacker to inject and execute command...

CVSS 8.8 · AI score 8.8 · EPSS 0.02277
Exploits: 1 · References: 6

CNNVD
added 2024/06/20 12:0 a.m. · 1 views

TOTOLINK A6000R Security Vulnerability

TOTOLINK A6000R is a wireless router from China's Gion Electronics (TOTOLINK). The TOTOLINK A6000R suffers from a code execution vulnerability that originates from allowing a remote attacker to execute arbitrary code via the iface parameter in the vifenable function. No details of the vulnerability...

CVSS 8.8 · AI score 8.2 · EPSS 0.02277
Exploits: 1 · References: 4

OSV
added 2024/04/23 3:15 p.m. · 0 views

CVE-2024-33213

Tenda FH1206 V1.2.0.88155EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic...

CVSS 6.5 · AI score 6.2
Exploits: 0 · References: 1

CNNVD
added 2024/03/12 12:0 a.m. · 2 views

Tenda AC18 Security Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the mitInterface parameter of the fromAddressNat function not checking the...

CVSS 9.8 · AI score 8 · EPSS 0.00243
Exploits: 1 · References: 3

Prion
added 2024/01/10 7:15 a.m. · 18 views

Cross site scripting

There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered...

CVSS 5.8 · AI score 5.9 · EPSS 0.00061
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2023/12/14 8:15 a.m. · 18 views

CVE-2023-25644

There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack...

CVSS 7.5 · EPSS 0.00312
Exploits: 0 · References: 1

Cvelist
added 2023/12/14 8:4 a.m. · 12 views

CVE-2023-25644 Denial of Service Vulnerability in Some ZTE Mobile Internet Products

There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack...

CVSS 6.5 · AI score 7.5 · EPSS 0.00312
Exploits: 0 · References: 1

Prion
added 2023/12/14 7:15 a.m. · 25 views

SQL injection

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak...

CVSS 5.2 · AI score 7.8 · EPSS 0.00044
Exploits: 0 · References: 1 · Affected Software: 2