
332 matches found

RedhatCVE
added 2026/01/09 12:38 p.m., 9 views

CVE-2023-29802

TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function...

CVSS 9.8 | AI score 8 | EPSS 0.02014
Exploits 1 | References 1

GithubExploit
added 2026/01/01 8:12 a.m., 212 views

Exploit for OS Command Injection in Amttgroup Hibos

CVE-2016-15048 Test Environment This directory contains a vul...

CVSS 10 | AI score 7.7 | EPSS 0.06562
Exploits 2

EUVD
added 2025/12/27 3:30 p.m., 6 views

EUVD-2025-205476

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

CVSS 10 | AI score 7.6 | EPSS 0.13992
Exploits 2 | References 3

RedhatCVE
added 2025/12/24 12:48 a.m., 5 views

CVE-2025-29228

Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter...

CVSS 9.8 | AI score 7.6 | EPSS 0.01134
Exploits 0 | References 1

OSV
added 2025/12/23 5:15 p.m., 1 view

CVE-2025-29228

Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1

Vulnrichment
added 2025/12/23 12:0 a.m., 5 views

CVE-2025-29228

Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter...

AI score 7.2 | EPSS 0.01134
Exploits 0 | References 1

EUVD
added 2025/12/09 9:31 p.m., 4 views

EUVD-2021-34736

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...

CVSS 6.9 | AI score 6.6 | EPSS 0.0027
Exploits 2 | References 5

NVD
added 2025/12/09 9:15 p.m., 4 views

CVE-2021-47703

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...

CVSS 7.2 | EPSS 0.0027
Exploits 2 | References 4

CNNVD
added 2025/12/09 12:0 a.m., 3 views

OpenBMCS Code Issue Vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A code issue vulnerability exists in OpenBMCS version 2.4 that stems from a server-side request forgery issue with the ip parameter, which could lead to internal network enumeration and session hijacking...

CVSS 7.2 | AI score 7 | EPSS 0.0027
Exploits 2 | References 5

Positive Technologies
added 2025/12/09 12:0 a.m., 5 views

PT-2025-50233

Name of the Vulnerable Software and Affected Versions: OpenBMCS version 2.4. Description: The software contains an unauthenticated Server-Side Request Forgery (SSRF) issue. This allows attackers to bypass firewalls and perform service and network enumeration on the internal network. Attackers can...

CVSS 7.2 | AI score 6.9 | EPSS 0.0027
Exploits 2 | References 7

Cvelist
added 2025/12/07 7:32 a.m., 18 views

CVE-2025-14186 Grandstream GXP1625 Network Status api.values.post cross site scripting

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

CVSS 5.1 | EPSS 0.00195
Exploits 0 | References 4

EUVD
added 2025/11/20 6:31 p.m., 5 views

EUVD-2025-198313

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 and before, allows a remote attacker to execute arbitrary code via the ping.php component, which does not perform secure filtering on IP parameters...

CVSS 7.5 | AI score 7.5 | EPSS 0.00862
Exploits 2 | References 2

Vulnrichment
added 2025/11/20 12:0 a.m., 3 views

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 and before, allows a remote attacker to execute arbitrary code via the ping.php component, which does not perform secure filtering on IP parameters...

AI score 7.6 | EPSS 0.00862
Exploits 2 | References 1

CVE
added 2025/11/20 12:0 a.m., 11 views

CVE-2025-60738

Affected product/versions: Ilevia EVE X1 Server Firmware v4.7.18.0.eden and prior, with Logic v6.00 - 2025_07_21 and before. Vulnerability: remote code execution via the ping.php component due to inadequate filtering of IP parameters, enabling arbitrary code execution. Impact: high impact (critic...

CVSS 9.8 | AI score 7.6 | EPSS 0.00862
Exploits 2 | References 1 | Affected Software 1

CNVD
added 2025/10/31 12:0 a.m., 2 views

TOTOLINK A3300R cstecgi.cgi File Buffer Overflow Vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a buffer overflow vulnerability that originates from the parameter ip of the function setDmzCfg in the file...

CVSS 9.8 | AI score 9.1 | EPSS 0.00689
Exploits 1 | References 1

NVD
added 2025/10/27 7:15 a.m., 5 views

CVE-2025-12240

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 9.8 | EPSS 0.00689
Exploits 1 | References 5

Positive Technologies
added 2025/10/27 12:0 a.m., 3 views

PT-2025-43896

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024. Description: A security issue exists in TOTOLINK A3300R 17.0.0cu.557 B20221024. The setDmzCfg function within the /cgi-bin/cstecgi.cgi file is susceptible to a buffer overflow when the ip argument ...

CVSS 9.8 | AI score 6.7 | EPSS 0.00689
Exploits 1 | References 9

RedhatCVE
added 2025/10/23 3:13 p.m., 6 views

CVE-2016-15048

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVSS 10 | AI score 8.2 | EPSS 0.06562
Exploits 2 | References 1

EUVD
added 2025/10/22 3:31 p.m., 2 views

EUVD-2016-10793

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVSS 10 | AI score 7.7 | EPSS 0.06562
Exploits 2 | References 6

NVD
added 2025/10/22 3:15 p.m., 4 views

CVE-2016-15048

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVSS 10 | EPSS 0.06562
Exploits 2 | References 5