Lucene search
K

3480 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-32833

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface...

8.8CVSS0.0134EPSS
Exploits0References2
CVE
CVE
added 5 days ago10 views

CVE-2026-32833

CVE-2026-32833 affects Cudy LT300 3.0 firmware prior to 2.5.12. The vulnerability arises in the system time configuration interface, where an authenticated attacker can inject shell metacharacters into the cbid.system.ntp.current POST parameter via the NTP settings endpoint, enabling remote code ...

8.8CVSS6.7AI score0.0134EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-32833 Cudy LT300 3.0 OS Command Injection via NTP Configuration

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface...

8.8CVSS0.0134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-52898

Name of the Vulnerable Software and Affected Versions Cudy LT300 3.0 versions prior to 2.5.12 Description Authenticated attackers can execute arbitrary commands on the underlying system by injecting shell metacharacters into the cbid.system.ntp.current POST parameter within the system time...

8.8CVSS6.6AI score0.0134EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7721

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

6.5CVSS6.4AI score0.00916EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.9 views

CVE-2026-7138

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The explo...

10CVSS7.5AI score0.01766EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

TOTOLINK CA750-PoE 操作系统命令注入漏洞

The TOTOLINK CA750-PoE is a wireless network access device from China's Gion Electronics TOTOLINK. The Totolink CA750-PoE version 6.2c.510 suffers from an operating system command injection vulnerability that originates from os command injection in the operation of the parameter hosttime in the...

6.5CVSS6.6AI score0.01057EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux - уязвимость в ntp

In the file libntp/mstolfp.c, within the NTP version 4.2.8p15, there is a buffer overflow vulnerability in the while loop of the cpcpdec function. An adversary could potentially attack a client NTPQ process, but they cannot attack the ntpd process...

5.6CVSS7.1AI score0.0067EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:0 a.m.12 views

CVE-2026-36741

CVE-2026-36741 affects U-SPEED AC1200 Gigabit Wi-Fi Router, Model T18-21K, V1.0. Root cause is improper sanitization of user input in the NTP configuration interface, enabling authenticated users with NTP config permissions to inject arbitrary system commands. Commands execute with elevated privi...

7.2CVSS6AI score0.0109EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:30 a.m.9 views

CVE-2026-8273

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

5.8CVSS5.7AI score0.04544EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.25 views

PT-2026-39572

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi set host/cgi set ntp/cgi fan control/cgi merge user of the file /cgi-bin/system mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

5.8CVSS5.7AI score0.04544EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-36751

A security vulnerability has been detected in Totolink WA300 5.2cu.7112 B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

6.5CVSS6.4AI score0.00916EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.7 views

Wireshark 2.2.x < 2.2.12 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.12. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.12 advisory. - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could...

7.5CVSS6.9AI score0.03141EPSS
Exploits0References13
NVD
NVD
added 2026/04/29 10:16 p.m.5 views

CVE-2026-7418

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been public...

9CVSS0.00563EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-36020

Name of the Vulnerable Software and Affected Versions UTT HiPER 1250GW versions prior to 3.2.7-210907-180535 Description A buffer overflow can be triggered remotely via the strcpy function within the file route/goform/NTP. This occurs when the Profile argument is manipulated. Recommendations Upda...

9CVSS8.3AI score0.00563EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/27 4:0 p.m.6 views

CVE-2026-7138 Totolink A8000RU CGI cstecgi.cgi setNtpCfg os command injection

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The explo...

10CVSS8.3AI score0.01766EPSS
Exploits0References5
CVE
CVE
added 2026/04/06 10:30 p.m.8 views

CVE-2026-5689

Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected by an OS command injection in the setNtpCfg function of /cgi-bin/cstecgi.cgi. Manipulating the tz argument can enable remote exploitation, and public exploits are available. Affected impact and realistic remediation details are not prov...

7.5CVSS6.9AI score0.01459EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/06 10:30 p.m.4 views

CVE-2026-5689

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now...

7.5CVSS6.9AI score0.01459EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4466

A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET=ntptimezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be...

5.8CVSS5.3AI score0.02479EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.5 views

CVE-2026-4627

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handlerupdatesystemtime of the file libdeuteronmodules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only...

8.6CVSS6.7AI score0.02024EPSS
Exploits0References1
Rows per page
Query Builder