CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVE-2026-28773

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

PT-2026-22875

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 Description The web-based Ping diagnostic utility '/IDC Ping/main.cgi' is susceptible to OS Command Injection. The applicati...

CVE-2025-70327

TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...

CVE-2025-70327

TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...

EUVD-2002-1950

Malware in sbrugna...

EUVD-2019-3032

Malware in sbrugna...

EUVD-2023-28110

Malicious code in bioql PyPI...

[SECURITY] Fedora 42 Update: iputils-20250602-3.fc42

The iputils package contains basic utilities for monitoring a network, including ping. The ping command sends a series of ICMP protocol ECHOREQUEST packets to a specified network host to discover whether the target machine is alive and receiving network traffic...

RHEL 9 : iputils (RHSA-2025:11321)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:11321 advisory. The iputils packages contain basic utilities for monitoring a network, including ping. Security Fixes: iputils: Signed Integer Overflow in Timestamp...

AlmaLinux 9 : iputils (ALSA-2025:9432)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9432 advisory. iputils: Signed Integer Overflow in Timestamp Multiplication in iputils ping CVE-2025-47268 Tenable has extracted the preceding description block directly from the...

RHEL 9 : iputils (RHSA-2025:9432)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9432 advisory. The iputils packages contain basic utilities for monitoring a network, including ping. Security Fixes: iputils: Signed Integer Overflow in Timestamp...

ALSA-2025:9421 Moderate: iputils security update

The iputils packages contain basic utilities for monitoring a network, including ping. Security Fixes: iputils: Signed Integer Overflow in Timestamp Multiplication in iputils ping CVE-2025-47268 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

ALSA-2025:9432 Moderate: iputils security update

The iputils packages contain basic utilities for monitoring a network, including ping. Security Fixes: iputils: Signed Integer Overflow in Timestamp Multiplication in iputils ping CVE-2025-47268 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

CVE-2022-45701

Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution RCE via the ping utility feature...

CVE-2002-1971

The ping utility in networkingutils.php in Sourcecraft NetworkingUtils 1.0 allows remote attackers to read arbitrary files via shell metacharacters in the Domain name or IP address argument...

CVE-2024-36061

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...

PT-2024-5338 · Adtran · Adtran 834-5

Name of the Vulnerable Software and Affected Versions: Adtran 834-5 versions 11.1.0.101-202106231430 SmartOS versions prior to 12.6.3.1 Description: The issue is related to the Ping and Traceroute utilities in the SmartOS operating system of AdTran SRG 834-5 Wi-Fi routers. It allows OS Command...

CVE-2023-49038

Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root...

CVE-2023-24046

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility...