3896 matches found
EUVD-2026-43254
A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlinkucisetvalue of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lanip results in os command injection. The attack can be initiated remotely. The exploit has been released to the...
CVE-2026-15513
The CVE-2026-15513 vulnerability affects the Wavlink WL-NU516U1 (model 260515) in the CGI handler /cgi-bin/adm.cgi, specifically the wlink_uci_set_value function. An attacker can remotely manipulate the lan_ip argument to trigger an OS command injection. Impact is described as network-accessible ...
CVE-2026-15511
Comfast CF-WR631AX V3 devices affected up to version 2.7.0.8; the FastCGI Backend’s /usr/bin/webmgnt module function system_wl_upload_pic_file accepts a manipulated filename, leading to OS command injection. Attacks can be remotely initiated; the exploit has been publicly disclosed and vendor res...
EUVD-2026-43209
A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub41FBD0 of the file /goform/systemntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The vendo...
CVE-2026-15487
TRENDnet TEW-821DAP firmware 1.11B03 contains a vulnerability in the Firmware Update Handler: the function sub_41FBD0 in /goform/system_ntp can be abused by manipulating the Hostname argument to cause an OS command injection. The CVE indicates remote execution is possible via a network attack, wi...
CVE-2026-15486
The vulnerability CVE-2026-15486 affects TRENDnet TEW-821DAP (firmware 1.11B03). It targets the Firmware Update Handler's /goform/tools_ddns component, specifically function sub_42026C, where manipulation of hostname/username/password can trigger an os command injection. The attack is described a...
EUVD-2026-43207
A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub43F2C4 of the file /goform/toolsnslookup of the component DNS Lookup Handler. This manipulation of the argument nslookuptarget/dnsserver causes os command injection. The attack can be initiated remotely...
EUVD-2026-43203
A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoatest of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoaipaddr results in command injection. The attack is possible to ...
RaspAP <=2.6.5 - Remote Command Injection
RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/getnetcfg.php, when the "iface" parameter value contains special characters such as ";". id: CVE-2021-33357 info: name: RaspAP =2.6.5 - Remote Command Injection...
YeaLink DM 3.6.0.20 - Remote Command Injection
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. id: CVE-2021-27561 info: name: YeaLink DM 3.6.0.20 - Remote Command Injection author: shifacyclewala,hackergautam severity: critical description: Yealink...
Hongdian H8922 3.0.5 - Remote Command Injection
Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address a/k/a Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive informatio...
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...
Pandora FMS 7.0NG - Remote Command Injection
Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. id: CVE-2019-20224 info: name: Pandora FMS 7.0NG - Remote Command Injection author: ritikchaddha severity: hig...
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by...
Yachtcontrol Webapplication 1.0 - Remote Command Injection
Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers...
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...
Jenkins - Remote Command Injection
Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...
D-Link Routers - Remote Command Injection
D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for...
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...