CVE-2026-12197

The CVE-2026-12197 affects Ruijie EG105G-P (firmware 2.340). The issue resides in the nslookup function of /cgi-bin/luci/api/diagnose (JSON-RPC Diagnose Endpoint), where manipulating the params.target argument leads to command injection. It enables remote initiation of an attack, with an exploit ...

CVE-2026-12197 Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

CVE-2020-12246

Beeline Smart Box 2.0.38 routers allow "Advanced settings Other Diagnostics" OS command injection via the Ping pingipaddr parameter, the Nslookup nslookupipaddr parameter, or the Traceroute tracerouteipaddr parameter...

EUVD-2013-6632

Malware in sbrugna...

EUVD-1999-1564

Malware in sbrugna...

EUVD-2016-5939

Malware in sbrugna...

EUVD-1999-1555

Malware in sbrugna...

EUVD-2002-1533

Malware in sbrugna...

EUVD-1999-0093

Malware in sbrugna...

EUVD-2022-49385

Malicious code in bioql PyPI...

CVE-2022-46581

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.nslookuptarget parameter in the toolsnslookup function...

CVE-2013-6830

admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation...

CVE-1999-0093

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly...

The vulnerability of the sub_41710C function (/goform/diag_nslookup) in the D-Link DIR-823X AX3000 router’s microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the sub41710C function /goform/diagnslookup in the D-Link DIR-823X AX3000 router’s microprogramming system exists due to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

CVE-2025-2717

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub41710C of the file /goform/diagnslookup of the component HTTP POST Request Handler. The manipulation of the argument targetaddr leads to os command injection. The...

ABB Cylon Aspect 3.07.00 Remote Code Execution

ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...

VulnCheck KEV: CVE-2008-3648

nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008...

Zyxel Router Command Injection Vulnerability (CVE-2017-6884)

According to its model number and firmware revision, the remote Zyxel Router is affected by a command injection vulnerability within nslookup funciton of the diagnostic tools. An authenticated, remote attacker can exploit this, via various crafted HTTP commands, to execute arbitrary commands...

Zyxel EMG2926 Routers Command Injection Vulnerability

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the pingip parameter to the expert/maintenance/diagnostic/nslooku...

TRENDnet TEW-755AP stack overflow vulnerability (CNVD-2023-18939)

The TRENDnet TEW-755AP is a router from TRENDnet. A stack overflow vulnerability exists in TRENDnet TEW-755AP version 1.13B01, which stems from a lack of size checking of input data in the comeo.comeo.nslookuptarget parameter of the toolsnslookup function, which can be exploited by an attacker to...