3873 matches found
PT-2025-39811
Name of the Vulnerable Software and Affected Versions Ruijie NBR2100G-E versions up to 20250919 Description A security flaw exists in Ruijie NBR2100G-E. The issue is related to os command injection. This occurs through manipulation of the city argument in the listAction function within the file...
CVE-2025-11121
A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and m...
CVE-2025-11100
A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uciset of the file /goform/setwifiblacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
CVE-2025-11100
CVE-2025-11100 affects D-Link DIR-823X (firmware 250416). The uci_set function in /goform/set_wifi_blacklists is vulnerable to remote command injection; exploitation can occur over the network and a public exploit exists. Several sources (NVD, Red Hat, CNVD, CVE lists) confirm remote exploitation...
CVE-2025-11098
A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setwifiblacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be use...
CVE-2025-11098 D-Link DIR-823X set_wifi_blacklists command injection
A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setwifiblacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be use...
CVE-2025-11097 D-Link DIR-823X set_device_name command injection
A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/setdevicename. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be...
CVE-2025-11096 D-Link DIR-823X diag_traceroute command injection
A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2025-11095 D-Link DIR-823X delete_offline_device command injection
A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/deleteofflinedevice. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may ...
PT-2025-39761
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the D-Link DIR-823X router. Specifically, manipulating the delvalue argument within the uci del function in the /goform/delete prohibiting file can lead to command injection. This...
PT-2025-39758
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the processing of the /goform/diag traceroute file within D-Link DIR-823X version 250416. Manipulation of the target addr argument can lead to command injection, allowing for remote...
D-Link DIR-823X 命令注入漏洞
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that stems from a misuse of the parameter mac in the file /goform/setdevicename, which can be exploited by an attacker to cause remote command injection...
D-Link DIR-823X 命令注入漏洞
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter targetaddr in the file /goform/diagtraceroute, which can be exploited by an attacker to cause remote command injectio...
PT-2025-39759
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in D-Link DIR-823X 250416 that allows remote command injection. The issue is located in an unknown function of the file /goform/set device name. Manipulating the mac argument can trigger...
CVE-2025-11073
A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...
PT-2025-39737
Name of the Vulnerable Software and Affected Versions Keyfactor RG-EW5100BE EW 3.0B11P280 EW5100BE-PRO 12183019 Description A flaw exists in Keyfactor RG-EW5100BE EW 3.0B11P280 EW5100BE-PRO 12183019. The issue is related to command injection stemming from the manipulation of the url argument with...
CVE-2025-11045
A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...
CVE-2025-11045 WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection
A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...
CVE-2025-11045
The CVE-2025-11045 entry concerns WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 (version 22.03.17) where the Name parameter in an unknown function of the /usb_paswd.asp file enables remote command injection. Affected products are WAYOS routers in the LQ series; the vulnerability’s root cause is improper ha...
CVE-2025-11045 WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection
A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...