17 matches found
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14285)
Smoothwall Express is Smoothwall's open source GNU/Linux-based firewall operating system. Smoothwall Express has a cross-site scripting vulnerability. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the NTPSERVER parameter of the time.cgi...
CVE-2019-25382
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...
CVE-2019-25382
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...
CVE-2019-25382 Smoothwall Express 3.1 'time.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...
CVE-2019-25382
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...
EUVD-2020-2672
Malware in sbrugna...
CVE-2025-55603
CVE-2025-55603 affects Tenda AX3 V16.03.12.10_CN. The vulnerability is a buffer overflow in the fromSetSysTime function triggered by the ntpServer parameter, as described across multiple sources (CNVD/CNNVD/RH/NVD). Impact is high: potential instability or crash (DoS) with high confidentiality/in...
CVE-2024-30572
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntpserver parameter...
CVE-2024-57590
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntpsync.cgi", which allows remote attackers to execute arbitrary commands via parameter "ntpserver" passed to the "ntpsync.cgi" binary through a POST request...
PT-2025-3479 · Trendnet · Trendnet Tew-632Brp
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-632BRP version 1.010B31 Description: The issue is related to an OS command injection vulnerability in the CGI interface "ntpsync.cgi". This vulnerability allows remote attackers to execute arbitrary commands via the ntp server...
Faraday GM8181 and Faraday GM828x Operating System Command Injection Vulnerability
The Faraday GM8181 and Faraday GM828x are both hardware devices from China-based Smartwon Technology Faraday. An operating system command injection vulnerability exists in the Faraday GM8181 and GM828x version 20240429 and earlier versions, which stems from the fact that incorrect manipulation of...
CVE-2024-30572
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntpserver parameter...
CVE-2023-2391
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=timezone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site...
CVE-2022-27000
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the hprimaryntpserver, hbackupntpserver, and htimezone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2019-9122
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntpserver parameter in an ntpsync.cgi POST request...
PT-2019-6344 · D Link · D-Link Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 versions 2.10 Description: The issue is related to the lack of input validation in the firmware of D-Link DIR-825 routers. This can be exploited by a remote attacker to execute arbitrary commands by sending a specially crafted...
TOTOLINK A3002RU System Command Injection Vulnerability (CNVD-2018-26643)
TOTOLINK A3002RU is a wireless router product from Gion Electronics TOTOLINK. A command injection vulnerability exists in fromNtp in TOTOLINK A3002RU version 1.0.8. An attacker can exploit this vulnerability to execute system commands with the help of the 'ntpServerIp2' POST parameter...