33 matches found

EUVD
added 2026/05/04 7:4 p.m. · 1 views

EUVD-2026-27117

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...

9.3 CVSS · 6.6 AI score · 0.01358 EPSS
Exploits 0 · References 3
Positive Technologies
added 2026/05/04 12:0 a.m. · 2 views

PT-2026-36910

Name of the Vulnerable Software and Affected Versions: WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description: An OS command injection issue exists in the 'wireless.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the...

9.3 CVSS · 6 AI score · 0.01358 EPSS
Exploits 0 · References 6
Positive Technologies
added 2026/04/25 12:0 a.m. · 4 views

PT-2026-35165

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6 CVSS · 6.9 AI score · 0.00389 EPSS
Exploits 1 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-23538

Malicious code in bioql PyPI...

9.8 CVSS · 6.5 AI score · 0.05467 EPSS
Exploits 1 · References 3
CNVD
added 2025/08/11 12:0 a.m. · 1 views

TOTOLINK N600R Command Injection Vulnerability

TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz bands to work concurrently, with a maximum wireless transmission rate of up to 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that stems from the pin...

9.8 CVSS · 7.9 AI score · 0.05467 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/08/06 12:14 a.m. · 4 views

CVE-2025-51390

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function...

9.8 CVSS · 7.4 AI score · 0.05467 EPSS
Exploits 1 · References 1
CNNVD
added 2025/08/04 12:0 a.m. · 1 views

TOTOLINK N600R Security Vulnerability

TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz bands to work concurrently, with a maximum wireless transmission rate of up to 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that stems from the pin...

9.8 CVSS · 7.6 AI score · 0.05467 EPSS
Exploits 1 · References 4
Positive Technologies
added 2025/08/04 12:0 a.m. · 5 views

PT-2025-31840 · Totolink · Totolink N600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 4.3.0cu.7647 B20210106 Description: The TOTOLINK N600R router firmware contains a command injection vulnerability. This issue is located in the setWiFiWpsConfig function and is triggered through the pin parameter...

9.8 CVSS · 7 AI score · 0.05467 EPSS
Exploits 1 · References 9
CNNVD
added 2025/07/06 12:0 a.m. · 3 views

Belkin F9K1122 Security Vulnerability

The Belkin F9K1122 is a WiFi signal extender from Belkin Canada. The Belkin F9K1122 suffers from a stack buffer overflow vulnerability that originates from the incorrect operation of the parameter wpsenroleepin/webpage in the file /goform/formWlanSetupWPS, no details of the vulnerability are...

9 CVSS · 7.3 AI score · 0.01164 EPSS
Exploits 1 · References 2
CNNVD
added 2025/06/25 12:0 a.m. · 2 views

TOTOLINK CA300-PoE Command Injection Vulnerability

TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE wps.so file, which originates from the parameter PIN of the file wps.so failing to correctly filter constructed command special characters,...

9.8 CVSS · 7.7 AI score · 0.06195 EPSS
Exploits 1 · References 7
CNNVD
added 2025/06/02 12:0 a.m. · 2 views

Linksys Multiple Products Injection Vulnerability

Linksys RE6300 and others are products of Linksys, Inc. Linksys RE6300 is a wireless network signal extender. Linksys RE6250 is a wireless extender. Linksys RE6500 is a wireless extender. An injection vulnerability exists in various Linksys products, which stems from a command injection due to...

8.8 CVSS · 6.8 AI score · 0.08407 EPSS
Exploits 1 · References 7
RedhatCVE
added 2025/05/22 11:46 p.m. · 4 views

CVE-2022-42161

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS...

8.8 CVSS · 8 AI score · 0.09235 EPSS
Exploits 1 · References 1
OSV
added 2025/04/15 7:16 p.m. · 1 views

CVE-2025-22903

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig...

4.6 CVSS · 5.8 AI score
Exploits 0 · References 1
CVE
added 2025/04/15 12:0 a.m. · 57 views

CVE-2025-22903

Summary: CVE-2025-22903 affects TOTOLINK N600R, version 4.3.0cu.7647_B20210106, with a stack/buffer overflow in setWiFiWpsConfig triggered by the pin parameter. Root cause (per sources): improper validation of input length in the pin parameter leading to overflow. Documented impact: potential de...

4.6 CVSS · 7.6 AI score · 0.00279 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2025/04/15 12:0 a.m. · 7 views

CVE-2025-22903

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig...

0.00279 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/12/29 12:0 a.m. · 2 views

PT-2025-3480 · D Link · D-Link Dir-825

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 REVB version 2.03 Description: The issue concerns an OS command injection vulnerability in the CGI interface apc client pin.cgi, which allows remote attackers to execute arbitrary commands via the wps pin parameter passed to th...

9.8 CVSS · 9.9 AI score · 0.02367 EPSS
Exploits 0 · References 9
CNNVD
added 2024/05/14 12:0 a.m. · 1 views

Web-School ERP Cross-Site Scripting Vulnerability

Web-School ERP is an application from Web-School India, Inc. An ERP application. A cross-site scripting vulnerability exists in School ERP Pro+Responsive version 1.0, which originates from a cross-site scripting vulnerability in the /schoolerp/officeadmin/ page for the esbankacc, esbankname,...

6.5 CVSS · 5.9 AI score · 0.00267 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2023/08/08 7:15 p.m. · 1 views

CVE-2023-40041

TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...

9.8 CVSS · 6.2 AI score · 0.00382 EPSS
Exploits 1 · References 2
Prion
added 2023/08/08 7:15 p.m. · 18 views

Stack overflow

TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...

7.5 CVSS · 9.6 AI score · 0.00382 EPSS
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2023/08/08 12:0 a.m. · 15 views

CVE-2023-40041

TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...

7.5 AI score · 0.00382 EPSS
Exploits 1 · References 1