3874 matches found
CVE-2026-22897
QuNetSwitch is affected by a remote command injection vulnerability (CVE-2026-22897). The issue allows an attacker to execute arbitrary commands with network access, requiring no user interaction and no privileges. The root cause is a command injection reachable over the network, leading to high ...
EUVD-2026-13524
A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=updateinterfacepng. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2026-4468
A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=updateinterfacepng. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2026-4468
A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=updateinterfacepng. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2026-4468
CVE-2026-4468 affects Comfast CF-AC100 2.6.0.8. An unknown function in the URL /cgi-bin/mbox-config?method=SET§ion=update_interface_png is vulnerable to remote command injection. The manipulation can be performed remotely, and the exploit has been publicly disclosed. The vendor was contacted ...
EUVD-2026-13484
A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...
CVE-2026-4467
A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=wirelessdevicedissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2026-4467 Comfast CF-AC100 mbox-config command injection
A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=wirelessdevicedissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2026-4467
A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=wirelessdevicedissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2026-4467
CVE-2026-4467 affects Comfast CF-AC100 firmware 2.6.0.8. An attacker can remotely trigger command injection via /cgi-bin/mbox-config?method=SET§ion=wireless_device_dissoc, by exploiting a vulnerable function in that path. The exploit is publicly available, and exploitation has activity descri...
CVE-2026-4465
A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This...
CVE-2026-4466
A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...
CVE-2026-4466
A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...
CVE-2026-4466 Comfast CF-AC100 mbox-config command injection
A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...
CVE-2026-4465
A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This...
EUVD-2026-13482
A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This...
PT-2026-26638
A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later...
PT-2026-26555
A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=update interface png. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...
PT-2026-26536
A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This...
PT-2026-26548
A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=wireless device dissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be use...