EUVD-2026-31752

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is...

CVE-2026-9514

The CVE-2026-9514 entry concerns Totolink CA750-PoE (firmware 6.2c.510). The vulnerability affects the Setting Handler’s /cgi-bin/cstecgi.cgi setNetworkDiag function, where argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is directly passed by the attacker,...

TOTOLINK CA750-PoE 操作系统命令注入漏洞

The TOTOLINK CA750-PoE is a wireless network access device from China-based TOTOLINK Electronics TOTOLINK. The TOTOLINK CA750-PoE version 6.2c.510 suffers from an operating system command injection vulnerability, which originates from the Setting Handler component's setNetworkDiag function in the...

TP-Link Archer AX72 安全漏洞

The TP-Link Archer AX72 is a Wi-Fi 6 wireless router produced by TP-Link Corporation. The TP-Link Archer AX72 SG v1 version has a security vulnerability. This vulnerability arises from the improper handling of invalid user inputs by the network diagnostic function, which may lead to limited...

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

SDMC NE6037 操作系统命令注入漏洞

The SDMC NE6037 is a cable modem from China's Sinodisk SDMC. An operating system command injection vulnerability exists in the SDMC NE6037 versions prior to 7.1.12.2.44, which stems from a shell command injection vulnerability in the Network Diagnostic Tool...

EUVD-2018-8069

Malware in sbrugna...

EUVD-2020-28999

Malware in sbrugna...

EUVD-2022-40470

Malicious code in bioql PyPI...

CVE-2022-37861

There is a remote code execution RCE vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component...

CVE-2018-16217

The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...

mtr bug fix update

An update is available for mtr. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MTR combines the functionality of the 'traceroute' and 'ping' programs in a singl...

SmartNode SN200 3.21.2-23021 OS Command Injection

Advisory ID: SYSS-2023-019 Product: SmartNode SN200 Analog Telephone Adapter ATA & VoIP Gateway Manufacturer: Patton LLC Affected Versions: = 3.21.2-23021 Tested Versions: 2.21.1-22041, 3.21.2-23021, 3.22.0-23083 Vulnerability Type: OS Command Injection CWE-78 Vulnerability Type: Improper Access...

VulnCheck KEV: CVE-2021-36380

Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi...

PT-2023-8337 · Unknown · Smartnode Sn200

Name of the Vulnerable Software and Affected Versions: SmartNode SN200 aka SN200 version 3.21.2-23021 Description: The issue is related to the Network Diagnostic Commands function of the SmartNode SN200 analog telephone adapter's firmware, which fails to neutralize special elements used in an...

RG-BCR860 OS Command Injection Vulnerability in Beijing StarNet Ruijie Network Technology Co.

The RG-BCR860 is a commercial cloud router from Ruijie Networks China. Ltd. The RG-BCR860 version 2.5.13 suffers from an operating system command injection vulnerability that originates from the failure of the component Network Diagnostic Page to correctly filter constructed command special...

CVE-2023-3450

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public...

Command injection

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public...

CVE-2023-3450 Ruijie RG-BCR860 Network Diagnostic Page os command injection

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public...

CVE-2023-3450 Ruijie RG-BCR860 Network Diagnostic Page os command injection

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public...