Tenda HG6 操作系统命令注入漏洞

Tenda HG6 is an intelligent routing passive optical network terminal from Tenda, China.A command injection vulnerability exists in Tenda HG6, which stems from the failure of the pingAddr and traceAddr parameters to properly filter the construction of command special characters, commands, etc. An...

CVE-2022-30425

Affected product : Tenda HG6 router (firmware/software version 3.3.0-210926, HG6). Vulnerability : OS command injection via HTTP POST parameters in the formPing/formPing6 and formTracert/formTracert6, exploiting unfiltered input in the pingAddr and traceAddr fields. Root cause : failure to proper...

CVE-2022-30425

Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request...

Tenda HG6 3.3.0 Remote Command Injection Vulnerability

Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces. Tenda HG6 v3.3.0 Remote Comman...

KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) Vulnerabilit

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection Authenticated Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection Authenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Produ...

VulnCheck KEV: CVE-2019-18396

An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OIFwV20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mntping.cgi. NOTE: This...

The vulnerability of the mnt_ping.cgi service in the microprogramming software of the Technicolor TD5336 router allows a hacker to execute arbitrary operating system commands with superuser privileges.

The vulnerability of the mntping.cgi service in the microprogramming software of the Technicolor TD5336 router exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitra...

Technicolor TD5336 OI_Fw_v7 Command Injection Vulnerability

Technicolor TD5336 OIFwv7 devices is a modem from Technicolor France. A command injection vulnerability exists in the Ping Module of the Web Interface on Technicolor TD5336 OIFwv7 devices. A remote attacker can exploit this vulnerability by sending the 'pingAddr' parameter with metacharacters to...

CVE-2017-14127

Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OIFwv7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mntping.cgi...

CVE-2017-11588

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command...

Cisco DDR2200 ADSL2+ Residential Gateway and DDR2201v1 ADSL2+ Residential Gateway Directory Traversal Vulnerability

The Cisco DDR2200 ADSL2+ Residential Gateway and DDR2201v1 ADSL2+ Residential Gateway are both home wireless gateway devices from Cisco. The Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E version and the DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-...