56 matches found
CVE-2026-46193
In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...
CVE-2026-5353
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...
EUVD-2026-18408
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...
CVE-2026-5353
Trendnet TEW-657BRM version 1.00.1 contains a vulnerability in the ping_test function of /setup.cgi where manipulating the c4_IPAddr parameter leads to os command injection. Remote exploitation is possible; exploit code is public. The vendor notes the product is discontinued and out of support si...
PT-2026-29801
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping test of the file /setup.cgi. Performing a manipulation of the argument c4 IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...
TRENDnet TEW-657BRM 操作系统命令注入漏洞
TRENDnet TEW-657BRM is a WiFi router produced by the TRENDnet company. The version 1.00.1 of Trendnet TEW-657BRM has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter c4IPAddr in the pingtest function of the file...
CVE-2026-25070
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
EUVD-2026-10092
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
CVE-2026-25070
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
CVE-2026-25070 XikeStor SKS8310-8X PingTestSet Command Injection
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
CVE-2026-25070
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
CVE-2019-25243
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...
CVE-2019-25243
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...
CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...
CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...
CVE-2019-25243
FaceSentry 6.4.8 has an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php. The root cause is unsanitized inputs in strInIP/strInPort, enabling arbitrary shell commands with root privileges. Affected product: FaceSentry 6.4.8. Impact is described as high. Rem...
iWT FaceSentry Access Control System 安全漏洞
The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from an authenticated remote command injection in the pingTest.php and...
PT-2025-53329
Name of the Vulnerable Software and Affected Versions FaceSentry version 6.4.8 Description FaceSentry 6.4.8 has a remote command injection issue in the pingTest.php and tcpPortTest.php scripts. An attacker with authentication can inject and execute arbitrary shell commands with root privileges...
PT-2025-48677
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...
Wavlink-WN530G3A-Cmd-Injection
Wavlink-WN530G3A-Cmd-Injection This repo details the proof of...