19649 matches found
PT-2025-54180
A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...
PT-2025-54202
Name of the Vulnerable Software and Affected Versions JD Cloud NAS routers AX1800 versions 4.3.1.r4308 and earlier JD Cloud NAS routers AX3000 versions 4.3.1.r4318 and earlier JD Cloud NAS routers AX6600 versions 4.5.1.r4533 and earlier JD Cloud NAS routers BE6500 versions 4.4.1.r4308 and earlier...
CVE-2025-66848
CVE-2025-66848 affects JD Cloud NAS routers: AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier). The vulnerability is an unauthorized remote comman...
CVE-2025-15192
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...
CVE-2025-15192 D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...
CVE-2025-15191
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fotaurl causes command injection. Remote exploitation of the attack is possible. The exploit has been mad...
CVE-2025-15191
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fotaurl causes command injection. Remote exploitation of the attack is possible. The exploit has been mad...
CVE-2025-15139
A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may b...
CVE-2025-15191
CVE-2025-15191 affects D-Link DWR-M920 devices ≤ 1.1.50. The issue is a command injection in the function sub_4155B4 of /boafrm/formLtefotaUpgradeFibocom caused by manipulated fota_url, enabling remote exploitation. Public PoCs/exploits exist. Remediation in public advisories recommends upgrading...
CVE-2025-15133
A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...
CVE-2025-15131
A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...
PT-2025-53723
Name of the Vulnerable Software and Affected Versions D-Link DWR-M920 versions up to 1.1.50 Description A security issue exists in D-Link DWR-M920. Manipulation of the fota url argument within the sub 415328 function of the /boafrm/formLtefotaUpgradeQuectel file can lead to command injection. Thi...
Exploit for Code Injection in Xwiki
CVE-2025-24893 – XWiki Remote Command Execution Proof of Conc...
EUVD-2025-205513
A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may b...
EUVD-2025-205511
A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function subF934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...
CVE-2025-15139
A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may b...
CVE-2025-15139
A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may b...
CVE-2025-15139 TRENDnet TEW-822DRE formWsc sub_43ACF4 command injection
A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may b...
CVE-2025-15139
TRENDnet TEW-822DRE routers (versions 1.00B21 and 1.01B06) are affected by a command-injection vulnerability in the sub_43ACF4 function of /boafrm/formWsc, caused by manipulation of the peerPin argument. This allows remote code execution and has been publicly disclosed; exploitation is possible w...
CVE-2025-15136
A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function dosetWizardasp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely...