CVE-2026-10127
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has...
CVE-2026-42062
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...
CVE-2025-50649
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlanname parameter in the /shutset.asp endpoint...
CVE-2020-37092
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device...
Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious guest driver to crash the QEMU process on the host (bsc#1209554). CVE-2024-6505: heap-based buffer overflow in...
CVE-2025-56098
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...
PT-2025-50680
Name of the Vulnerable Software and Affected Versions: Ruijie RG-BCR RG-BCR860 (affected versions not specified). Description: An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the...
CVE-2025-43982
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...
CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...
CVE-2025-49831
CVE-2025-49831 affects CyberArk Secrets Manager Self-Hosted and Conjur OSS, with a bypass of IAM authenticator possible when traffic from Secrets Manager to AWS is routed through a misconfigured network device. Affected versions include Secrets Manager Self-Hosted before 13.5.1/13.6.1 and Conjur ...
CVE-1999-0507
An account on a router, firewall, or other network device has a guessable password...
CVE-2025-29029
Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function...
The vulnerability of Cisco IOS network devices of the Cisco Catalyst 6000 series allows an intruder to trigger a service failure.
The vulnerability of Cisco IOS network devices from the Cisco Catalyst 6000 series relates to an error in handling exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability in the firmware of network devices such as ZyXEL USG, USG FLEX, ATP, and VPN lies in the lack of protective measures for the website structure. This allows attackers to execute arbitrary scripts on the vulnerable device.
The vulnerability of the network device firmware of ZyXEL USG, USG FLEX, ATP, and VPN relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts on the vulnerable device...
CVE-2023-46423
TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub417094 function...
The vulnerability of the access point management function in the firmware for Zyxel USG FLEX, USG FLEX 50(W), USG20(W)-VPN, ATP, and VPN allows a hacker to execute arbitrary commands.
The vulnerability of the access point management function in Zyxel USG FLEX, USG FLEX 50W, USG20W-VPN, ATP, and VPN software for network devices is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a...
CVE-2023-37172
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function...
The vulnerability of the Common Gateway Interface (CGI) of the firmware for network devices such as ZyXEL USG, USG FLEX, ATP, ZyWALL, VPN, and NSG allows attackers to bypass authentication processes and gain increased privileges.
The vulnerability of the Common Gateway Interface (CGI) of ZyXEL USG, USG FLEX, ATP, ZyWALL, VPN, and NSG network devices is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass authentication processes and gain increased...
CVE-2021-45514
NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker...
CVE-2020-9201
There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages that include a crafted parameter. Successful exploit could cause certain service abnormal...