PT-2024-14364 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513. Description: The issue is related to a remote command execution (RCE) vulnerability. It can be exploited via the setOpModeCfg function. Recommendations: For TOTOlink A3700R version 9.1.2u.5822...
PT-2024-14365 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513. Description: The issue is related to a remote command execution (RCE) vulnerability. It can be exploited via the UploadFirmwareFile function. Recommendations: For TOTOlink A3700R version 9.1.2u.5822...
PT-2024-14366 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1200T version 4.1.2cu.5232 B20210713. Description: The issue is related to a remote command execution (RCE) vulnerability. It is exploited via the main function. Recommendations: For TOTOlink EX1200T version 4.1.2cu.5232 B20210713,...
CVE-2023-52029
TOTOLINK A3700R (v9.1.2u.5822_B20200513) contains a remote command execution (RCE) in the setDiagnosisCfg function. The issue arises from improper handling/filtering of constructed command characters, enabling arbitrary command execution. Affected component: setDiagnosisCfg; impact: remote comman...
CVE-2023-52029
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function...
The vulnerability in the firmware of Zyxel GS1900 series switches, related to insecure privilege management, allows attackers to execute arbitrary commands and elevate their privileges to the root level.
The vulnerability in the firmware of Zyxel GS1900 series switches is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to execute arbitrary commands and elevate their privileges to the root level via SSH...
CVE-2023-52028
CVE-2023-52028 affects TOTOLINK A3700R devices (v9.1.2u.5822_B20200513). The vulnerability is a remote command execution via the setTracerouteCfg function, stemming from insufficient filtering of constructed command characters, allowing an attacker to execute arbitrary commands remotely. Public d...
The vulnerability of the QNAP QVR surveillance system arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of the QNAP QVR video surveillance system exists due to the failure to take measures to neutralize certain elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-50982
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because uploadaction and editaction in AdminSmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...
CVE-2023-41288 Video Station
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 2023/11/23 and later...
QNAP Systems Video Station Operating System Command Injection Vulnerability
QNAP Systems Video Station is a video management and playback application from QNAP Systems. An operating system command injection vulnerability exists in QNAP Systems Video Station prior to version 5.7.2 2023/11/23, which stems from the presence of an operating system command injection...
The vulnerability in the main() function of the cstecgi.cgi script (/cgi-bin/cstecgi.cgi?action=login) of the TOTOLINK A7100RU router software allows a perpetrator to execute arbitrary commands.
The vulnerability of the main function in the cstecgi.cgi script (/cgi-bin/cstecgi.cgi?action=login) of the TOTOLINK A7100RU router software is related to operations that go beyond the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
CyberPanel < 2.3.8 Remote Command Execution
CyberPanel versions prior to 2.3.8 are affected by a vulnerability allowing an unauthenticated attacker to execute commands on the remote machine via a specially forged request. No source data...
OTClient Injection Vulnerability
OTClient is a replacement Tibia client for otserv, written in C++20 and Lua, and is built on a modular system that uses Lua scripting to implement in-game interfaces and features. OTClient suffers from an injection vulnerability. An attacker could use this vulnerability to remotely run commands on...
The vulnerability in the firmware of Proscend M330-w, M330-W5, M350-5G, M350-W5G, M350-6, M350-W6, M301-G, M301-GW, and ICR 111WG industrial routers stems from the lack of measures to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability in the firmware of Proscend M330-w, M330-W5, M350-5G, M350-W5G, M350-6, M350-W6, M301-G, M301-GW, and ICR 111WG industrial routers is related to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this...
The vulnerability of the TendaTelnet function in the firmware of the Tenda M3 network access controller allows an intruder to execute arbitrary commands.
The vulnerability of the TendaTelnet function in the firmware of the Tenda M3 network access controller exists due to the failure to take measures to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the downFiles function in the firmware of the Ruijie WS6008 and WS6108 wireless access point controllers allows an intruder to execute arbitrary commands.
The vulnerability of the downFiles function in the firmware of the Ruijie WS6008 and WS6108 wireless access point controllers is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow a malicious actor to execute arbitrary...
PT-2023-9285 · Apache · Apache Streampark
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions prior to 2.1.4. Description: The issue is related to incorrect handling of the element in the Project Module of Apache StreamPark, allowing for remote command execution. The vulnerability can be exploited by insertin...
CVE-2023-50651
TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi...
Command injection
TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi...