2576 matches found
Command injection
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...
CVE-2022-36559
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...
Seiko Solutions SkyBridge MB-A100/A110 Command Injection Vulnerability
The Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/A110 v4.2.0 and earlier, which is caused by a command injection in the Ping parameter in pingexec.cgi...
PT-2022-23468 · Seiko · Seiko Skybridge Mb-A200
Name of the Vulnerable Software and Affected Versions: Seiko SkyBridge MB-A200 versions 01.00.04 and below. Description: The issue is related to a command injection vulnerability. This vulnerability can be exploited via the Ping parameter at the "ping exec.cgi" endpoint. Recommendations: For Seiko...
WordPress Ping Optimizer plugin <= 2.35.1.2.3 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Ping Optimizer plugin versions = 2.35.1.3.0. Solution: Update the WordPress Ping Optimizer plugin to the latest available version (at least 2.35.1.3.0)...
WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2022-35559
A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.94122, which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. An attacker can use this vulnerability to execute arbitrary code...
CVE-2022-35559
A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.94122, which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. An attacker can use this vulnerability to execute arbitrary code...
Command injection
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /mansecurity.shtml...
CVE-2022-35521
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /mansecurity.shtml...
CVE-2022-34974
D-Link DIR810LA1FW102B22 was discovered to contain a command injection vulnerability via the Pingaddr function...
CVE-2022-34973
D-Link DIR820LA1FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp...
CVE-2022-34974
D-Link DIR810LA1FW102B22 was discovered to contain a command injection vulnerability via the Pingaddr function...
D-Link DIR-820L Security Vulnerability
The D-Link DIR-820L is a dual-band wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-820LA1FW106B02, which stems from the nextPage parameter of its ping.ccp component that can lead to a denial of service due to a buffer overflow...
D-Link DIR-820L Command Injection Vulnerability
The D-Link DIR-820L is a dual-band wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-820LA1FW102B22, which stems from its Pingaddr function that can lead to command injection...
PT-2022-4537 · D Link · D-Link Dir810La1 Fw102B22
Name of the Vulnerable Software and Affected Versions: D-Link DIR810LA1 FW102B22. Description: The issue is related to the lack of input data sanitization in the Ping addr function of the D-Link DIR810LA1 FW102B22 router's firmware. This can be exploited by a remote attacker to execute arbitrary...
CVE-2022-27373
Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function...
CVE-2022-27373
Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function...
Command injection
Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function...