18 matches found
CVE-2025-67447
The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...
EUVD-2026-12462
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...
CVE-2026-29520
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...
CVE-2026-29520
The CVE-2026-29520 affects Hereta ETH-IMC408M firmware 1.0.15 and earlier. It is a reflected XSS in the Network Diagnosis ping function via the ping_ipaddr parameter, allowing an attacker to execute arbitrary JavaScript and potentially compromise an authenticated administrator session. CVSS 4.0 b...
PT-2026-25783
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping ipaddr parameter ...
CVE-2022-45551
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint...
CVE-2022-45551
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint...
CVE-2022-45551
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint...
Command injection
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint...
CVE-2022-45551
CVE-2022-45551 concerns Shenzhen Zhiboton Electronics ZBT WE1626 Router (version 21.06.18). The issue allows attackers to escalate privileges via the WGET command to the router’s Network Diagnosis endpoint. Affected component/flow appears to be the URL used for network diagnosis, with root cause ...
PT-2023-14702 · Shenzhen Zhiboton Electronics · Zbt We1626 Router
Name of the Vulnerable Software and Affected Versions: Shenzhen Zhiboton Electronics ZBT WE1626 Router version 21.06.18 Description: An issue in the router allows attackers to escalate privileges via the WGET command to the "Network Diagnosis" endpoint. Recommendations: For Shenzhen Zhiboton...
CVE-2022-45551
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint...
CVE-2022-4616
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions...
CVE-2022-4616
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions...
Command injection
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions...
CVE-2022-4616
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions...
CVE-2022-4616
Delta DX-3021 webserver (versions before 1.24) is affected by CVE-2022-4616: command injection via the network diagnosis page due to insufficient input validation. Remote unauthenticated users can add/delete files and change permissions. Impact is high (I/H, A/H) with CVSSv3 scores: 9.1 (NVD) and...
PT-2023-6856 · Delta · Delta Dx-3021
Name of the Vulnerable Software and Affected Versions: Delta DX-3021 versions prior to 1.24 Description: The webserver in Delta DX-3021 is vulnerable to command injection through the network diagnosis page. This issue could allow a remote unauthenticated user to add files, delete files, and chang...