15 matches found
CVE-2026-29520 Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...
CVE-2026-29520 Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...
CVE-2026-29520
The CVE-2026-29520 affects Hereta ETH-IMC408M firmware 1.0.15 and earlier. It is a reflected XSS in the Network Diagnosis ping function via the ping_ipaddr parameter, allowing an attacker to execute arbitrary JavaScript and potentially compromise an authenticated administrator session. CVSS 4.0 b...
CVE-2026-4172
A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...
VulnCheck KEV: CVE-2020-14080
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...
D-Link DIR-825 Buffer Overflow Vulnerability
The D-Link DIR-825 is a router from China-based AUO D-Link. The D-Link DIR-825 suffers from a buffer overflow vulnerability that originates from the incorrect operation of the parameter pingipaddr in the file pingresponse.cgi, which can be exploited by an attacker to crash the system by corruptin...
The vulnerability of the web interface of the microprogrammed software routers DIR-615 allows a hacker to execute arbitrary commands.
The vulnerability of the web interface of the microprogrammed software router DIR-615 arises from the lack of checks on input data in the pingipaddr parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2021-28841
Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to applycgi via an action pingtest without a pingipaddr key...
CVE-2021-28841
Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to applycgi via an action pingtest without a pingipaddr key...
Stack overflow
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...
CVE-2020-14080
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...
Command injection
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the pingipaddr parameter...
CVE-2016-10760
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the pingipaddr parameter...
CVE-2016-10760
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the pingipaddr parameter...
CVE-2016-10760
On Seowon Intech routers, the vulnerability CVE-2016-10760 is a Command Injection flaw in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. Affected software is the diagnostic CGI endpoint; root cause is unsanitized input allowing command execution. This can lead to a remote c...