PT-2025-50686

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX PRO B11P226 EW1800GX-PRO 10223117 Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the module get function within the...

PT-2025-50679

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR860 affected versions not specified Description An OS Command Injection issue exists in Ruijie RG-BCR RG-BCR860. Attackers can execute arbitrary commands by sending a specially crafted POST request to the action deal update...

PT-2025-50675

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 Description An issue exists in Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to th...

PT-2025-50653

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An OS Command Injection issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module set...

PT-2025-50650

Name of the Vulnerable Software and Affected Versions Ruijie RG-RAP2200E version 247 2200 Description An issue exists in Ruijie RG-RAP2200E 247 2200 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set in the /usr/local/lua/dev...

CVE-2025-56084

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56117

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56123

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

Ruijie X60 PRO 安全漏洞

Ruijie X60 PRO is a home wireless router from China Ruijie Ruijie. A security vulnerability exists in Ruijie X60 PRO X6010212014RG-X60 PRO version V1.00V2.00, which originates from improper handling of a specially crafted POST request for moduleset in the file /usr/local/lua/devsta/nbrcwmp.lua,...

PT-2025-50662

Name of the Vulnerable Software and Affected Versions Ruijie X30 PRO V1 X30-PRO-V1 09241521 Description An issue exists in Ruijie X30 PRO V1 X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module get function within t...

CVE-2025-56091

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVE-2025-56130

The CVE-2025-56130 affects Ruijie RG-S1930 series switches (S1930SWITCH_3.0(1)B11P230). AOS vulnerability: OS Command Injection via a crafted POST to the module_update endpoint in /usr/local/lua/dev_config/ace_sw.lua. Impact is arbitrary command execution with high severity (CVSS 3.1: AV:N/AC:L/P...

CVE-2025-56098

Summary of CVE-2025-56098 : Affected device is Ruijie X30-PRO (X30-PRO-V1_09241521). The vulnerability is an OS Command Injection in the Lua module handler at /usr/local/lua/dev_sta/networkConnect.lua, exploitable via a crafted POST request to the module_get endpoint. This is triggered by unvalid...

CVE-2025-56093

CVE-2025-56093 affects Ruijie X30-PRO (X30-PRO-V1_09241521). The vulnerability is an OS command injection in the wireless.lua module (path: /usr/lib/lua/luci/modules/wireless.lua) that can be triggered by a crafted POST request to setWisp. Root cause is unvalidated input leading to arbitrary comm...

CVE-2025-56082

The CVE-2025-56082 entry describes an OS Command Injection in Ruijie RG-BCR600W. Affected component: the LUCI admin controller at /usr/lib/lua/luci/controller/admin/common.lua. Root cause: unvalidated input in the check_changes function allows arbitrary command execution via a crafted POST reques...

CVE-2025-12120

Lite XL

EUVD-2025-30814

Malicious code in bioql PyPI...

CVE-2025-57430

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...

CVE-2023-34849

An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1...

CVE-2025-29227

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt"pkgsize" parameter...