3873 matches found
CVE-2025-10323 Wavlink WL-WN578W2 wizard_rep.shtml sub_409184 command injection
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub409184 of the file /wizardrep.shtml. The manipulation of the argument selEncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made public and could be...
CVE-2025-10323
CVE-2025-10323 affects Wavlink WL-WN578W2 (firmware 221110). A command injection exists in the function sub_409184 of the file wizard_rep.shtml, exploitable via the sel_EncrypTyp parameter. Public exploit evidence and remote execution potential are stated across CNVD/CNNVD/PT-2025-37342 entries; ...
CVE-2025-10265 Digiever|NVR - OS Command Injection
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...
CVE-2025-10265
Digiever Digiever NVR devices are affected by CVE-2025-10265, an OS command injection vulnerability in the NVR OS that enables authenticated remote attackers to inject and execute arbitrary commands. The issue is described as affecting certain NVR models, with network access required and low priv...
PT-2025-37353
Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A security flaw exists in MiczFlor RPi-Jukebox-RFID up to version 2.8.0. The issue is due to os command injection in an unknown function of the file /htdocs/api/playlist/single.php...
PT-2025-37342
Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A command injection issue exists in the function sub 409184 of the file /wizard rep.shtml. The manipulation of the argument sel EncrypTyp can lead to command injection. This issue is exploitable...
PT-2025-37344
Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A vulnerability exists in the Wavlink WL-WN578W2 router. Manipulation of the arguments pingFrmWANFilterEnabled, blockSynFloodEnabled, blockPortScanEnabled, or remoteManagementEnabled within the...
CVE-2025-10107
A vulnerability has been found in TRENDnet TEW-831DR 1.0 601.130.1.1410. Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...
CVE-2025-10123
A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub415028 of the file /goform/setstaticleases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2023-34254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an...
CVE-2025-10107 TRENDnet TEW-831DR formSysCmd command injection
A vulnerability has been found in TRENDnet TEW-831DR 1.0 601.130.1.1410. Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...
CVE-2025-10107
TRENDnet TEW-831DR v1.0 (601.130.1.1410) contains a command-injection flaw in the /boafrm/formSysCmd function, triggered by manipulating the sysHost argument. This vulnerability can be exploited remotely and has public exploit disclosures. Several sources (including NVD/Red Hat CVE entries and PT...
CVE-2025-10123
A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub415028 of the file /goform/setstaticleases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-10123
A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub415028 of the file /goform/setstaticleases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-10123 D-Link DIR-823X set_static_leases sub_415028 command injection
A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub415028 of the file /goform/setstaticleases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been...
PT-2025-36565
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X versions up to 250416 Description: A vulnerability exists in D-Link DIR-823X routers that allows for remote command injection. The vulnerability is located in the sub 415028 function of the /goform/set static leases file...
CVE-2025-9935
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866B20220506. This vulnerability affects the function sub4159F8 of the file /webcste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed an...
CVE-2025-9934
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415B20250515. This affects the function sub410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and...
CVE-2025-9935
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866B20220506. This vulnerability affects the function sub4159F8 of the file /webcste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed an...
CVE-2025-9935
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866B20220506. This vulnerability affects the function sub4159F8 of the file /webcste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed an...