CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

The vulnerability of the ping_test() function in the adm.cgi script of the Wavlink WL-WN530H4 router software allows a hacker to execute arbitrary commands.

The vulnerability of the pingtest function in the adm.cgi script of the Wavlink WL-WN530H4 router software is related to the lack of data cleaning at the control level when processing the pingIp parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the formSetIptv() function in the microprogramming software for Tenda AC18 allows a hacker to execute any command they desire.

The vulnerability of the formSetIptv function /goform/SetIPTVCfg in the Tenda AC18 router’s microprogramming software is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

The vulnerability of the Tenda AX12 Wi-Fi router’s microprogramming software lies in the lack of measures to neutralize the special elements used in the operating system’s command set. This allows a hacker to execute arbitrary commands.

The vulnerability of the microprogrammed Wi-Fi router Tenda AX12 relates to the lack of measures taken to neutralize special elements used in the operating system’s command processing when handling the list parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVE-2025-25038

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to...

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

H3C多款产品 安全漏洞

H3C ER2200G2 and others are products of China's Xinhua San H3C.H3C ER2200G2 is an enterprise router.H3C ERG2-450W is a wireless router.H3C ERG2-1200W is a wireless router. A security vulnerability exists in various H3C products that stems from authentication bypass and could lead to remote comman...

PT-2025-26438 · H3C · Er6300G2 +14

Name of the Vulnerable Software and Affected Versions: H3C ER2200G2 series routers versions prior to ERG2AW-MNW100-R1117 H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers versions prior to ERHMG2-MNW100-R1126 H3C GR3200, GR5200, GR8300 series...

CVE-2025-44635

CVE-2025-44635 affects H3C ER2200G2, ERG2-450W/1200W/1350W/NR1200W and multiple ER/GR series routers (various models) prior to the fixed builds (e.g., ERG2AW-MNW100-R1117, ERHMG2-MNW100-R1126, MiniGR1B0V100R018L50, MiniGRW1B0V100R009L50, SWBRW1A0V100R007L50, SWBRW1B0V100R009L50). The issue enable...

The vulnerability of the “Import from Excel. Upload product catalog 1C-Bitrix” plugin, which stems from the failure to take measures to neutralize special elements, allows attackers to execute arbitrary commands.

The vulnerability of the plugin “Import from Excel. Uploading product catalogs for 1C-Bitrix” is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the “Mass Processing of Infobox Elements (Products)” plugin, which arises from failing to take measures to neutralize special elements, allows a violator to execute arbitrary commands.

The vulnerability of the “Massive Processing of Infoblock Elements Products” plugin is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the “Multi-Functional Export/Import in Excel” plugin, which arises from the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary commands.

The vulnerability of the “Multi-Functional Export/Import in Excel” plugin is related to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

Security Bulletin: There is a vulnerablity in the torch library affecting IBM watsonx Code Assistant On Prem

Summary There is a vulnerablity in the torch library affecting IBM watsonx Code Assistant On Prem. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-32434 DESCRIPTION: PyTorch is a Python package that provides tensor computation with...

The vulnerability of the bs_setCmd() function in the libshare-0.0.26.so library of the LB-LINK microprogramming router software allows a attacker to execute arbitrary commands.

The vulnerability of the bssetCmd function in the libshare-0.0.26.so library of the LB-LINK router software lies in the failure to take data cleaning measures at the control level when processing the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...

The vulnerability of the bs_SetSSIDHide() function in the libshare-0.0.26.so library of the LB-LINK router software allows a attacker to execute arbitrary commands.

The vulnerability of the bsSetSSIDHide function in the libshare-0.0.26.so library of the LB-LINK router software is related to the lack of measures taken at the management level during the processing of the enable parameter. Exploiting this vulnerability allows a remote attacker to execute...