CVE-2026-3613

The CVE describes a stack-based buffer overflow in Wavlink WL-NU516U1 (firmware v240425) via the function sub_401A0C in /cgi-bin/login.cgi, caused by manipulation of the ipaddr argument. This allows a remote attacker to exploit a vulnerability with a publicly available exploit, potentially impact...

WAVLINK WL-NU516U1 安全漏洞

The WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The Wavlink WL-NU516U1 V240425 version contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter ipaddr in the file/cgi-bin/login.cgi, which may lead to a stack buffer...

TOTOLINK WA300 OS Command Injection Vulnerability

TOTOLINK WA300 is a wireless access point from China Gion Electronics TOTOLINK. The TOTOLINK WA300 suffers from an operating system command injection vulnerability that originates from the parameter Ipaddr in the file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special...

CVE-2026-2167

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

CVE-2026-2129

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/setacstatus. Performing a manipulation of the argument acipaddr/acipstatus/aprandtime results in os command injection. The attack may be initiated remotely. The exploit ha...

CVE-2026-2167

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

CVE-2026-2167

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

CVE-2026-2167 Totolink WA300 cstecgi.cgi setAPNetwork os command injection

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

EUVD-2026-5782

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

CVE-2026-2167

CVE-2026-2167 affects Totolink WA300 with firmware 5.2cu.7112_B20190227. The vulnerability lies in the setAPNetwork function in /cgi-bin/cstecgi.cgi where unfiltered Ipaddr input enables OS command injection. Exploitation can be performed remotely and public exploit exists. Multiple connected sou...

CVE-2026-2129 D-Link DIR-823X set_ac_status os command injection

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/setacstatus. Performing a manipulation of the argument acipaddr/acipstatus/aprandtime results in os command injection. The attack may be initiated remotely. The exploit ha...

CVE-2026-2129 D-Link DIR-823X set_ac_status os command injection

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/setacstatus. Performing a manipulation of the argument acipaddr/acipstatus/aprandtime results in os command injection. The attack may be initiated remotely. The exploit ha...

PT-2026-6998

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description A flaw exists in the Totolink WA300 device that allows for remote command execution. This is due to a vulnerability within the setAPNetwork function located in the /cgi-bin/cstecgi.cgi...

PT-2026-6979

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists in the DMZ Host Feature of the D-Link DIR-615. Specifically, the issue resides within the adv firewall.php file. Manipulation of the dmz ipaddr argument can lead to operating system command...

D-Link DIR-823X 操作系统命令注入漏洞

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on parameters such as acipaddr, acipstatus, and aprandtime in the...

TOTOLINK WA300 操作系统命令注入漏洞

TOTOLINK WA300 is a wireless access point from China Gion Electronics TOTOLINK. The TOTOLINK WA300 suffers from an operating system command injection vulnerability that originates from the parameter Ipaddr in the file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special...

D-Link DIR-615 操作系统命令注入漏洞

The D-Link DIR-615 is a wireless router produced by D-Link Corporation. Version 4.10 of the D-Link DIR-615 contains a vulnerability related to operating system command injection. This vulnerability arises from incorrect handling of parameters in the file advfirewall.php, specifically the dmzipadd...

D-Link DIR-615 Operating System Command Injection

The D-Link DIR-615 is a wireless router produced by D-Link Corporation. Versions of D-Link DIR-615 prior to 4.10 contained a vulnerability related to operating system command injection. This vulnerability stemmed from incorrect operations on the parameter ipaddr in the component Web Management...

CVE-2026-1448 D-Link DIR-615 Web Management wiz_policy_3_machine.php os command injection

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wizpolicy3machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotel...

PT-2026-4835

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 versions up to 4.10 Description A flaw exists in the Web Management Interface component of D-Link DIR-615. Specifically, a manipulation of the ipaddr argument in the /wiz policy 3 machine.php file can lead to os command injectio...