CVE-2026-3703

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading...

CVE-2026-2527 Wavlink WL-WN579A3 login.cgi command injection

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2022-35526

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...

EUVD-2017-18473

Malware in sbrugna...

CVE-2025-10775

The CVE-2025-10775 entry concerns Wavlink WL-NU516U1 (firmware 240425). The vulnerability exists in the login.cgi function sub_4012A0 where improper handling of the ipaddr parameter enables remote OS command injection. Exploitation is feasible over the network, and public exploit disclosures exis...

WAVLINK WL-NU516U1 安全漏洞

WAVLINK WL-NU516U1 is a wireless print server from China Ruiyin WAVLINK. A security vulnerability exists in the Wavlink WL-NU516U1 version 240425, which originates from the incorrect operation of the parameter ipaddr in the file /cgi-bin/login.cgi, which could lead to a remote os command injectio...

CVE-2025-10325

CVE-2025-10325 affects Wavlink WL-WN578W2 (firmware 221110). The vulnerability centers on the sub_401340/sub_401BA4 function in /cgi-bin/login.cgi, where improper handling of the ipaddr parameter enables remote command injection. Public PoC/exploits exist, and multiple feeds confirm remote execut...

Wavlink WL-WN578W2 命令注入漏洞

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

PT-2024-10139 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 versions M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can ma...

CVE-2023-30806

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

CVE-2021-36708

In ProLink PRC2402M V1.0.18 and older, the setsysinit function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router...

PT-2018-17475 · Pulse · Pulse Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 8.1RX through 8.1R11 Pulse Connect Secure PCS versions 8.3RX through 8.3R1 Pulse Policy Secure PPS versions 5.2RX through 5.2R8 Pulse Policy Secure PPS versions 5.4RX through 5.4R1 Description: A vulnerabilit...