CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

PT-2026-34016

🚨CVE CVE-2026-38834 Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do ping action function via the hostName parameter. This vulnerability allow… https://t.co/tKrNtNWoPC ----- Traducción: Se encontró que CV… https://t.co/utmtNgl3sv...

Tenda W30E 安全漏洞

The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version has a security vulnerability. This vulnerability stems from the improper validation of the hostName parameter in the dopingaction function, which may lead to command injection attacks...

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

DLink DIR < 2.17.b02 (SAP10018)

The version of DLink DIR installed on the remote host is prior to 2.17.b02. It is, therefore, affected by a vulnerability as referenced in the SAP10018 advisory. - Multiple cross-site request forgery CSRF vulnerabilities in D-Link DIR-600 router rev. Bx with firmware before 2.17b02 allow remote...

CVE-2014-100005

Multiple cross-site request forgery CSRF vulnerabilities in D-Link DIR-600 router rev. Bx with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that 1 create an administrator account or 2 enable remote management via a crafted configuratio...

Alcatel-Lucent OmniPCX Enterprise - masterCGI Arbitrary Command Execution (Metasploit)

$Id: alcatelomnipcxmastercgiexec.rb 10556 2010-10-05 23:13:04Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

This module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary...

CVE-2007-3010

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action...

PT-2007-4307 · Alcatel · Alcatel Omnipcx Enterprise Communication Server

Name of the Vulnerable Software and Affected Versions: Alcatel OmniPCX Enterprise Communication Server versions R7.1 and earlier Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. This is related to the...

CVE-2007-3010

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...