D-LINK DIR-3040 Libcli 命令注入漏洞(CVE-2021-21819)

The DIR-3040 is an AC3000-based wireless internet router. As discussed in TALOS-2021-1285, a hidden telnet service can be started without authentication by visiting https:///starttelnet This service presents the user with a login prompt for their “libcli test environment”: $ telnet 192.168.0.1...

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

Command injection

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

CVE-2021-28151

Hongdian H8922 3.0.5 devices are vulnerable to remote command injection in tools.cgi ping via shell metacharacters in the ip-address (Destination) field, accessible with guest/guest credentials. The Nuclei template and other sources confirm that an attacker can execute arbitrary commands on the d...

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

CVE-2021-26747

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...

Design/Logic Flaw

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...

Denial of Service in sebhildebrandt/systeminformation

Description systeminformation is vulnerable to Denial of Service. It is possible to overwrite the ping command parameters, which results in too long execution. Proof of Concept Create a .js file with the content below and run it. javascript const si = require'systeminformation'; si.inetLatency"-c...

Command injection

An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it...

CVE-2020-13976

An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it...

CVE-2019-25065

creationtimestamp| type| source ---|---|--- 2020-02-21 14:58:53+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/opennetadminpingcmdinjection.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

CVE-2020-9027

ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected...

CVE-2012-6610

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; semicolon to the ping command feature...

CVE-2012-6610

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; semicolon to the ping command feature...

CVE-2018-18852

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

Command injection

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

Blue Angel Software Suite Command Execution

Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite...

Blue Angel Software Suite - Command Execution Exploit

Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite, an application that runs on...

Blue Angel Software Suite - Command Execution

Blue Angel Software Suite - Command Execution Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CV...