
332 matches found

CNNVD
added 2026/04/12 12:0 a.m., 2 views

TOTOLINK A7100RU Operating System Command Injection Vulnerability

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from the improper handling of the parameter “ip” in the setDiagnosisCfg...

10 CVSS, 7.3 AI score, 0.01803 EPSS
Exploits 0, References 5
EUVD
added 2026/04/08 6:34 p.m., 3 views

EUVD-2025-209309

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ippositionasp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

6.2 AI score, 0.00395 EPSS
Exploits 0, References 4
Cvelist
added 2026/04/08 12:0 a.m., 15 views

CVE-2025-45057

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ippositionasp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

0.00395 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31336

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip position asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

7.5 CVSS, 6.2 AI score, 0.00395 EPSS
Exploits 0, References 5
Vulnrichment
added 2026/04/08 12:0 a.m., 1 views

CVE-2025-45057

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ippositionasp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

6.1 AI score, 0.00395 EPSS
Exploits 0, References 3
Github Security Blog
added 2026/04/01 9:8 p.m., 5 views

AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php

Summary: The User_Location plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTML and JavaScript via a crafted URL. Although the page is restricte...

6.1 CVSS, 6 AI score, 0.0022 EPSS
Exploits 1, References 4, Affected Software 1
NVD
added 2026/03/31 9:16 p.m., 4 views

CVE-2026-34739

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the User_Location plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

6.1 CVSS, 0.0022 EPSS
Exploits 1, References 1
Vulnrichment
added 2026/03/31 8:56 p.m., 3 views

CVE-2026-34739 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the User_Location plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

6.1 CVSS, 6 AI score, 0.0022 EPSS
Exploits 1, References 1
CVE
added 2026/03/31 8:56 p.m., 5 views

CVE-2026-34739

The CVE concerns WWBN AVideo (open source video platform). In AVideo versions up to 26.0, the User_Location plugin’s testIP.php reflects the ip parameter directly into an HTML input without HTML-encoding, enabling reflected XSS. Although the page is admin-restricted, SameSite=None cookies enable ...

6.1 CVSS, 6 AI score, 0.0022 EPSS
Exploits 1, References 1, Affected Software 1
OSV
added 2026/03/31 8:56 p.m., 5 views

CVE-2026-34739 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the User_Location plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

6.1 CVSS, 6 AI score, 0.0022 EPSS
Exploits 1, References 3
RedhatCVE
added 2026/03/31 5:0 p.m., 1 views

CVE-2026-26352

Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...

5.4 CVSS, 5.9 AI score, 0.00138 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/03/31 4:59 a.m., 1 views

CVE-2026-5104

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

8.8 CVSS, 6.3 AI score, 0.02483 EPSS
Exploits 1, References 1
Vulnrichment
added 2026/03/30 4:49 p.m., 2 views

CVE-2026-26352 Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter

Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...

5.4 CVSS, 5.9 AI score, 0.00138 EPSS
Exploits 0, References 2
Cvelist
added 2026/03/30 4:49 p.m., 20 views

CVE-2026-26352 Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter

Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...

5.4 CVSS, 0.00138 EPSS
Exploits 0, References 2
CVE
added 2026/03/30 4:49 p.m., 7 views

CVE-2026-26352

Affected product/versions: Smoothwall Express

5.4 CVSS, 5.9 AI score, 0.00138 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2026/03/30 3:15 a.m., 4 views

CVE-2026-5104

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

8.8 CVSS, 0.02483 EPSS
Exploits 1, References 5
CVE
added 2026/03/30 2:0 a.m., 12 views

CVE-2026-5104

The CVE affects Totolink A3300R 17.0.0cu.557_b20221024. The vulnerable component is the setStaticRoute function in /cgi-bin/cstecgi.cgi, where manipulating the ip argument enables command injection. It can be exploited remotely, and public exploit details have been disclosed. Remediation is to up...

8.8 CVSS, 5.6 AI score, 0.02483 EPSS
Exploits 1, References 5, Affected Software 1
ATTACKERKB
added 2026/03/30 2:0 a.m., 1 views

CVE-2026-5104

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

6.5 CVSS, 6.3 AI score, 0.02483 EPSS
Exploits 1, References 5, Affected Software 1
CNNVD
added 2026/03/30 12:0 a.m., 5 views

TOTOLINK A3300R Command Injection Vulnerability

TOTOLINK A3300R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A3300R version 17.0.0cu.557_b20221024 contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter “ip” in the file /cgi-bin/cstecgi.cgi, which may lead to...

8.8 CVSS, 6.6 AI score, 0.02483 EPSS
Exploits 1, References 5
Positive Technologies
added 2026/03/30 12:0 a.m., 6 views

PT-2026-28758

Name of the Vulnerable Software and Affected Versions: Totolink A3300R version 17.0.0cu.557 b20221024. Description: A security issue exists in Totolink A3300R version 17.0.0cu.557 b20221024. The setStaticRoute function within the /cgi-bin/cstecgi.cgi file is susceptible to command injection through...

6.5 CVSS, 5.7 AI score, 0.02483 EPSS
Exploits 1, References 7