332 matches found
CVE-2022-37075
TOTOLink A7000R (version 9.1.0u.6115_B20201022) contains a stack overflow in setDiagnosisCfg() triggered via the ip parameter. Exploitation would be local, with low privileges and no user interaction; impact is high on confidentiality, integrity, and availability per CVSS. No official patch detai...
CVE-2022-37075
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg...
CVE-2022-36481
TOTOLINK N350RT version 9.3.5u.6139_B20201216 contains a command-injection vulnerability in setDiagnosisCfg reachable via the ip parameter. Root cause: input in the ip parameter is unsafely processed, enabling arbitrary commands with local access (attack vector: LOCAL; impact: CONFIDENTIALITY, IN...
CVE-2022-36466
TOTOLINK A3700R is affected by a stack overflow in the setDiagnosisCfg function triggered via the ip parameter, in firmware version 9.1.2u.6134_B20201202. The vulnerability is documented across multiple sources (NVD, Red Hat advisory, CNNVD, PT-SEC) with a local attack vector and high impact on c...
TOTOLINK N350RT Operating System Command Injection Vulnerability
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK N350RT version V9.3.5u.6139B20201216, which stems from an ip parameter command injection issue in the setDiagnosisCfg method...
PT-2022-23389 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.6134 B20201202 Description: A stack overflow issue was discovered in the setDiagnosisCfg function via the ip parameter. Recommendations: For version 9.1.2u.6134 B20201202, avoid using the ip parameter in the...
PT-2022-23789 · Totolink · Totolink A7000R
Name of the Vulnerable Software and Affected Versions: TOTOLink A7000R version 9.1.0u.6115 B20201022 Description: A stack overflow issue was discovered via the ip parameter in the setDiagnosisCfg function. Recommendations: For TOTOLink A7000R version 9.1.0u.6115 B20201022, consider restricting...
WAVLINK WN535K2 and WN535K3 Operating System Command Injection Vulnerability
The WAVLINK WN535K2 and WAVLINK WN535K3 are both wireless routers from the Chinese company WAVLINK. A security vulnerability exists in the WAVLINK WN535K2 and WN535K3 versions, which stems from certain unknown processing in /cgi-bin/touchlistsync.cgi, where manipulation of IP parameters may resul...
CVE-2022-32054
Tenda AC10 USAC10V1.0RTLV15.03.06.26multiTD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter...
PT-2022-21079 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version US AC10V1.0RTL V15.03.06.26 multi TD01 Description: A remote code execution issue was discovered, allowing exploitation via the lanIp parameter. Recommendations: For Tenda AC10 version US AC10V1.0RTL V15.03.06.26 multi TD01...
CVE-2021-41738
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands...
CVE-2021-41738
ZeroShell 3.9.5 is affected by a command injection in the /cgi-bin/kerbynet endpoint (IP parameter). An authenticated attacker could execute system commands through this parameter. Affected product/version: ZeroShell 3.9.5. Root cause: command injection via the IP parameter in kerbynet. Impact: p...
CVE-2022-25149
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...
CVE-2022-25305
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the /includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...
SQL injection
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...
CVE-2022-25305 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via IP
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the /includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...
CVE-2022-25305
CVE-2022-25305 affects the WordPress WP Statistics plugin (versions up to 13.1.5). The vulnerability is an unauthenticated stored XSS via the IP parameter in the file includes/class-wp-statistics-ip.php, enabling attackers to inject scripts that execute when site administrators view statistics. P...
CVE-2022-25149
Affected software: WordPress plugin WP Statistics (versions up to 13.1.5). Component/entry point: SQL injection via improper escaping/parameterization of the IP parameter in ~/includes/class-wp-statistics-hits.php. Impact: Unauthenticated attackers can inject arbitrary SQL to obtain sensitive inf...
Tenda AX3 Command Injection Vulnerability
Tenda AX3 is an AX1800 Gigabit Port Dual Band Wi-Fi 6 Wireless Router from Tenda China. A command injection vulnerability exists in Tenda AX3 v16.03.12.10CN, which can be exploited by an attacker to cause a denial of service (DoS) via the remoteIp parameter...