CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

PT-2026-37057

Name of the Vulnerable Software and Affected Versions ALTICE LABS / SFR France GR140DG affected versions not specified ALTICE LABS / SFR France GR140IG affected versions not specified Description The ping diagnostic handler in the '/bin/httpd clientside' endpoint allows authenticated remote...

Exploit for OS Command Injection in Gl-Inet Gl-Mt300N-V2_Firmware

GL-InjectoR: CVE-2022-31898 Authenticated Command Injection in...

CVE-2026-28773

The CVE-2026-28773 entry concerns the IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101). Affected component: the web-based Ping diagnostic utility at /IDC_Ping/main.cgi. Root cause: insecure parsing of the IPaddr parameter enables OS command injection by bypassing ...

CVE-2025-66738

CVE-2025-66738 affects Yealink T21P_E2 Phone (version 52.84.0.15). The issue is in the ping function of the diagnostic component, allowing a remote attacker with normal privileges to execute arbitrary code via a crafted request. Exploitation details are not provided in the available documents; no...

PT-2025-53601

Name of the Vulnerable Software and Affected Versions Yealink T21P E2 Phone version 52.84.0.15 Description A flaw exists in the Yealink T21P E2 Phone that could allow a remote attacker with normal privileges to execute arbitrary code. This is possible through a crafted request targeting the ping...

CVE-2025-13304

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

EUVD-2025-197897

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

CVE-2025-13304 D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

EUVD-2020-23637

Malware in sbrugna...

CVE-2025-52357

Cross-Site Scripting XSS vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied...

CVE-2025-52357

Cross-Site Scripting XSS vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied...

PT-2025-28959 · Fiberhome · Fd602Gw-Dx-R410

Name of the Vulnerable Software and Affected Versions: FiberHome FD602GW-DX-R410 router version V2.2.14 Description: A Cross-Site Scripting XSS issue exists in the ping diagnostic feature. An authenticated attacker can execute arbitrary JavaScript code within the router’s web interface. The issue...

CVE-2025-52357

Cross-Site Scripting XSS vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied...

C-Data FD602GW-DX-R410 Fiber Router 安全漏洞

C-Data FD602GW-DX-R410 Fiber Router is a router from China Sidet C-Data. A security vulnerability exists in the C-Data FD602GW-DX-R410 Fiber Router version V2.2.14, which stems from insufficient input cleanup for the ping diagnostic function and could lead to cross-site scripting attacks...

CVE-2020-36056

Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.0955 was discovered to contain a cross-site scripting XSS vulnerability via the Ping diagnostic option...

CVE-2024-22065

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands...