3875 matches found
CVE-2025-13797 ADSLR B-QE2W401 send_order.cgi parameterdel_swifimac command injection
A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdelswifimac of the file /sendorder.cgi. Performing manipulation of the argument delswifimac results in command injection. The attack is possible to be carried out remotely. The exploit is...
CVE-2025-13797
The CVE-2025-13797 issue affects ADSLR B-QE2W401 (version 250814-r037c). The vulnerable component is the function parameter del_swifimac in /send_order.cgi, where manipulation enables remote command injection. Exploitation is publicly available and vendor has not responded. No specific patch/vers...
PT-2025-48403
Name of the Vulnerable Software and Affected Versions ADSLR NBR1005GPEV2 version 250814-r037c Description A flaw exists in ADSLR NBR1005GPEV2 250814-r037c that allows for remote command injection. The issue is located within the ap macfilter del function of the /send order.cgi file. Manipulation ...
PT-2025-48401
Name of the Vulnerable Software and Affected Versions ADSLR NBR1005GPEV2 version 250814-r037c Description A flaw exists in ADSLR NBR1005GPEV2 250814-r037c. The issue is related to the ap macfilter add function within the /send order.cgi file. Manipulation of the mac argument can result in command...
📄 LG Simple Editor 3.21.0 Remote Command Injection
LG Simple Editor version 3.21.0 proof of concept remote command injection exploit. ============================================================================================================================================= | Title : LG Simple Editor 3.21.0 PHP Code Injection Vulnerability | |...
PT-2025-48400
Name of the Vulnerable Software and Affected Versions ADSLR B-QE2W401 version 250814-r037c Description A command injection issue exists in ADSLR B-QE2W401 250814-r037c. Manipulation of the del swifimac parameter within the /send order.cgi file can lead to command execution. This attack can be...
EUVD-2025-199764
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...
CVE-2025-64127 Zenitel TCIV-3+ OS Command Injection
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely...
TRENDnet TEW-657BRM 安全漏洞
The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. The TRENDnet TEW-657BRM suffers from a command injection vulnerability that is caused by a flaw in the setup.cgi binary file. An attacker can exploit this vulnerability to execute arbitrary operating system commands on the system...
CVE-2025-65202
CVE-2025-65202 affects TRENDnet TEW-657BRM firmware 1.00.1, with an authenticated remote OS command injection in the setup.cgi binary. The vulnerability is exploitable via HTTP parameters named “command”, “todo”, and “next_file,” allowing execution of arbitrary commands with root privileges. Curr...
VulnCheck KEV: CVE-2024-10915
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. T...
CVE-2025-13562
A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerabili...
PT-2025-47856
Name of the Vulnerable Software and Affected Versions D-Link DIR-852 version 1.00 Description A flaw exists in the processing of the /gena.cgi file on the device. Manipulating the service argument can lead to command injection, allowing for remote execution of commands. The exploit is publicly...
CVE-2025-13442
A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...
CVE-2025-13442 UTT 进取 750W formPdbUpConfig system command injection
A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...
VulnCheck KEV: CVE-2023-41348
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...
CVE-2025-13306
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The...
CVE-2025-13306
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The...
CVE-2025-13306 D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M formDebugDiagnosticRun system command injection
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The...
CVE-2025-13306
CVE-2025-13306 affects D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M (firmware 1.1.5). The vulnerability is a command injection in the system function of the file /boafrm/formDebugDiagnosticRun, triggered by manipulating the host argument. This allows remote code execution with network access ...