9777 matches found
CVE-2026-9424
The vulnerability CVE-2026-9424 affects Edimax EW-7438RPn firmware 1.31, in the Content-Type Handler’s formWlanMP function (/goform/formWlanMP). It allows an attacker to manipulate a wide set of parameters (ateFunc, ateGain, ateTxCount, ateChan, ateRate, ateMacID, e2pTxPower*, ateTxFreqOffset, at...
CVE-2026-8652
CVE-2026-8652 describes an OS Command Injection in the product Aterm . The issue allows an attacker who already has administrator access to the product’s web console to execute arbitrary OS commands via the adjacent network, enabling high-severity impact on confidentiality, integrity, and availab...
PT-2026-43043
A vulnerability has been found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...
NEC Aterm 安全漏洞
NEC Aterm is a series of wireless routers from Nippon Electric NEC. A security vulnerability exists in NEC Aterm that stems from an OS command injection issue, which could allow execution of arbitrary OS commands over an adjacent network if a malicious third party gains administrator access to th...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the parameter of the function UploadFirmwareFile in the file /cgi-bin/cstecgi.cgi in the component W...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the parameter enabled of the function setOpenVpnCfg in the file...
TOTOLINK CA750-PoE 操作系统命令注入漏洞
The TOTOLINK CA750-PoE is a wireless network access device from China's Gion Electronics TOTOLINK. The Totolink CA750-PoE version 6.2c.510 suffers from an operating system command injection vulnerability that originates from os command injection in the operation of the parameter hosttime in the...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the operation of the parameter enabled of the function setWanCfg in the file /cgi-bin/cstecgi.cgi in...
CVE-2026-9407 Totolink A8000RU Web Management cstecgi.cgi setFirewallType os command injection
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to os command injection...
CVE-2026-9388 Totolink A8000RU Web Management cstecgi.cgi setScheduleCfg os command injection
A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to...
CVE-2026-9386
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote...
PT-2026-42975
Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the Web Management Interface. This occurs when the provider argument is manipulated within the setDdnsCfg function of the '/cgi-bin/cstecgi.cgi'...
PT-2026-42955
A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote...
PT-2026-42976
Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection flaw exists in the Web Management Interface. The issue occurs within the setGameSpeedCfg function of the '/cgi-bin/cstecgi.cgi' endpoint. Remote exploitation is...
CVE-2026-9343
Technical details about CVE-2026-9343 are not publicly available in the provided documents. Please monitor for updates from official advisories and vendor communications.
Unity Linux 20.1060e / 20.1070e Security Update: nodejs-jison (UTSA-2026-016653)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016653 advisory. Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks. Tenable has extracted the preceding description block directly...
vim: Fix of CVE-2026-42307
CVE-2026-42307: fix OS command injection in netrw plugin via crafted sftp:// URLs by hardening the tempfile suffix regex and escaping the tempfile argument before passing it to the sftp command...
CVE-2026-8603 Improper neutralization of special elements used in an OS command ('OS command injection') in ScadaBR
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...
CVE-2026-8603
In ScadaBR 1.2.0, an OS command injection vulnerability could allow an attacker to execute commands as root on the SCADA system. The issue is described as a network‑level vulnerability with no user interaction required, and could impact confidentiality, integrity, and availability (all HIGH). The...
CVE-2026-37281
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...