The vulnerability of the wake_on_lan function in D-Link DIR-600L router software allows a hacker to execute arbitrary commands.
The vulnerability of the wake_on_lan function in D-Link DIR-600L router software lies in the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the host parameter...
The vulnerability of SCALANCE W-700 IEEE 802.11ax industrial switches, related to insufficient verification of input data, allows an intruder to execute arbitrary commands.
The vulnerability of SCALANCE W-700 IEEE 802.11ax industrial switches lies in insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the FUN_00459fdc function in the Totolink A3002R router’s firmware allows an intruder to execute arbitrary commands.
The vulnerability of FUN_00459fdc in the Totolink A3002R router’s firmware relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the setUploadUserData function in the file /cgi-bin/cstecgi.cgi of the TOTOLINK A3002RH router’s firmware allows an attacker to execute arbitrary commands.
The vulnerability of the setUploadUserData function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3002RH router’s firmware is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a...
The vulnerability of the Remote Logging function of the ctrlX OS allows a perpetrator to execute arbitrary commands.
The vulnerability of the Remote Logging function in the ctrlX OS operating system exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using a special HTTP request...
The vulnerability of the setNoticeCfg function in the Totolink-A810R router’s firmware allows a hacker to execute any command or cause a service failure.
The vulnerability of the setNoticeCfg function in the Totolink-A810R router firmware exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
The vulnerability of the setUnloadUserData function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3002RH router’s firmware allows a malicious actor to execute arbitrary commands.
The vulnerability of the setUploadUserData function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3002RH router’s firmware is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a...
The vulnerability of the CloudACMunualUpdate function in the firmware for TOTOLINK CP450 allows a hacker to execute arbitrary commands.
The vulnerability of the CloudACMunualUpdate function in TOTOLINK CP450 router firmware is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the FileName parameter...
The vulnerability of the Telnet component of the Tenda AC9 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the Telnet component in the Tenda AC9 firmware is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the CloudACMunualUpdateUserdata function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3002RH router’s firmware allows a hacker to execute arbitrary commands.
The vulnerability of the CloudACMunualUpdateUserdata function in the /cgi-bin/cstecgi.cgi module of the TOTOLINK A3002RH router’s firmware is related to the failure to eliminate special elements used in operating system commands. Exploiting this vulnerability can allow a malicious...
PT-2025-22819 · D Link · D-Link Dir-816L +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01; D-Link DIR-816L version 2.06B01. Description: The issue concerns hardcoded credentials in the Telnet service, allowing attackers to remotely execute arbitrary commands via firmware analysis. Recommendations: For...
CVE-2025-46176
The CVE-2025-46176 entry concerns hardcoded credentials in the Telnet service of D-Link DIR-605L (v2.13B01) and DIR-816L (v2.06B01). The root cause is hardcoded credentials in Telnet, which allows attackers to remotely execute arbitrary commands via firmware analysis. Documented impact is remote ...
MagicINFO SWUpdateFileUploader remote command execution
Added: 05/23/2025. CVE: CVE-2025-4632. Background: MagicINFO is digital signage software from Samsung. Problem: A path traversal, unsafe file upload, and missing authentication vulnerability allows remote, unauthenticated attackers to upload arbitrary files to the server and then execute them using a...
CVE-2022-24299
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command...
CVE-2022-42121
A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected...
CVE-2022-40037
An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile...
CVE-2022-40277
Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before...
CVE-2022-37779
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function...
CVE-2022-33750
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands...