2571 matches found
CVE-2025-43953
In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen...
CVE-2025-42907
SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system...
CVE-2025-42907 Server-Side Request Forgery in SAP BI Platform
SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system...
CVE-2025-42907
CVE-2025-42907 concerns SAP BI Platform. Multiple connected sources confirm a vulnerability where an attacker can modify the IP address in the LogonToken attached to OpenDoc, and when the modified link is opened in a browser, a different server could receive a ping request. The impact is describe...
PT-2025-39106
Name of the Vulnerable Software and Affected Versions: SAP BI Platform affected versions not specified Description: An attacker can modify the IP address within the LogonToken associated with OpenDoc. Accessing the modified link in a web browser may redirect a ping request to a different server. Th...
CVE-2025-43953
In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen...
2wcom IP-4c Security Vulnerability
The 2wcom IP-4c is an audio codec device from the German company 2wcom. A security vulnerability exists in the 2wcom IP-4c version 2.16, which originates from a web interface that allows administrator and manager users to execute arbitrary code as root via the ping or traceroute fields on the...
CVE-2025-43953
In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen...
CVE-2025-43953
CVE-2025-43953 affects the 2wcom IP-4c device running version 2.16. The web interface is vulnerable: admin and manager users can execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. The vulnerability is exposed over the network (CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H...
CVE-2025-43953
In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen...
PT-2025-38748
Name of the Vulnerable Software and Affected Versions: 2wcom IP-4c version 2.16 Description: The web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. The affected functionality is accessible through the web interface. Th...
CVE-2025-10401
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...
D-Link DIR-823x Command Injection Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter target_addr in the fi...
CVE-2025-10401
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...
CVE-2025-10401
CVE-2025-10401 concerns the D-Link DIR-823x family (firmware up to 250416). The vulnerability exists in the diag_ping handling (file path /goform/diag_ping) where manipulation of the target_addr argument enables arbitrary command execution via a command-injection flaw. It is a remote exploit with...
CVE-2025-10401 D-Link DIR-823x diag_ping command injection
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may...
D-Link DIR-823X Command Injection Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter target_addr in the fi...
PT-2025-37415
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823x versions up to 250416 Description: A command injection issue exists in D-Link DIR-823x firmware. The issue is located in an unknown function within the /goform/diag_ping file. Manipulation of the target_addr argument allows fo...
OESA-2025-2295 iputils security update
The iputils package contains basic utilities for monitoring a network, including ping. The ping command sends a series of ICMP protocol ECHO_REQUEST packets to a specified network host to discover whether the target machine is alive and receiving network traffic. Security Fixes: ping in iputils...
D-Link DIR-825 ping6_ipaddr parameter buffer overflow vulnerability
D-Link DIR-825 is a dual-band wireless router for SMB and SOHO environments from AUO D-Link, supporting 2.4GHz and 5GHz bands at the same time to meet the demand for multi-device HD video transmission. The D-Link DIR-825 suffers from a buffer overflow vulnerability that originates from the...