CVE-2025-54405

Planet WGR-500 v1.3411b190912 has OS command injection in the formPingCmd functionality. Two parameters, ipaddr and counts, are used to build a shell command via system("ping -c 2>&1 > /tmp/pingResult &"), allowing arbitrary command execution when specially crafted HTTP requests are sent....

CVE-2025-54405

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

CVE-2025-54405

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

EUVD-2025-32857

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

Planet WGR-500 安全漏洞

The Planet WGR-500 is a WiFi router from Planet in Taiwan, China. A security vulnerability exists in Planet WGR-500 v1.3411b190912, which stems from improper manipulation of the ipaddr request parameter, and could lead to arbitrary command execution...

EUVD-2025-30386

Malicious code in bioql PyPI...

EUVD-2025-29074

Malicious code in bioql PyPI...

CVE-2025-10775

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-10775 Wavlink WL-NU516U1 login.cgi sub_4012A0 os command injection

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

Wavlink WL-WN578W2 sub_401340 function command injection vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

CVE-2025-10325 Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection

A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub401340/sub401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVE-2025-10325

CVE-2025-10325 affects Wavlink WL-WN578W2 (firmware 221110). The vulnerability centers on the sub_401340/sub_401BA4 function in /cgi-bin/login.cgi, where improper handling of the ipaddr parameter enables remote command injection. Public PoC/exploits exist, and multiple feeds confirm remote execut...

Wavlink WL-WN578W2 命令注入漏洞

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

CVE-2022-29322

D-Link DIR-816 A2v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip...

CVE-2024-30568

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter...

CVE-2024-30568

Netgear R6850 router, firmware v1.1.0.88, is affected by a command injection vulnerability in the ping_test function triggered via the c4_IPAddr parameter. The issue arises because input is not properly validated/filtered, allowing an unauthenticated attacker to inject arbitrary system commands, ...

CVE-2024-2330

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The...

VulnCheck KEV: CVE-2023-45852

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...

Viessmann Vitogate Command Injection Vulnerability

Viessmann Vitogate is an intelligent control system from Viessmann. A security vulnerability exists in Viessmann Vitogate 300 version 2.1.3.0 that originates from allowing an unauthenticated attacker to bypass authentication and execute arbitrary commands via the ipaddr parameter of the put metho...

CVE-2022-29322

D-Link DIR-816 A2v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip...