3873 matches found
CVE-2025-9935 TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866B20220506. This vulnerability affects the function sub4159F8 of the file /webcste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed an...
CVE-2025-9935
The CVE-2025-9935 entry concerns TOTOLINK N600R version 4.3.0cu.7866_B20220506. The issue affects the function sub_4159F8 in /web_cste/cgi-bin/cstecgi.cgi, where manipulation can lead to a remote command injection. The exploit is publicly disclosed and may be utilized. Multiple connected sources ...
CVE-2025-9934
CVE-2025-9934 affects TOTOLINK X5000R 9.1.0cu.2415_B20250515. The vulnerability is in the function sub_410C34 of the file /cgi-bin/cstecgi.cgi, where manipulation of the pid argument can trigger a command injection. Remote exploitation is possible and the exploit has been made public. Multiple co...
CVE-2025-9934 TOTOLINK X5000R cstecgi.cgi sub_410C34 command injection
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415B20250515. This affects the function sub410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and...
CVE-2025-9752
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgimain of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been...
PT-2025-35851
Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 4.3.0cu.7866 B20220506 Description: A vulnerability exists in the function sub 4159F8 of the file /web cste/cgi-bin/cstecgi.cgi that can lead to command injection. This issue can be exploited remotely. The exploit has...
PT-2025-35850
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2415 B20250515 Description: A command injection issue exists in the sub 410C34 function of the /cgi-bin/cstecgi.cgi file. Manipulation of the pid argument can lead to remote code execution. The exploit has been...
CVE-2025-9745
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /versionupgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-9727
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgimain of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the publ...
CVE-2025-9752
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgimain of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been...
PT-2025-35457
Name of the Vulnerable Software and Affected Versions SkyBridge BASIC MB-A130 versions prior to 1.5.8 Description Improper neutralization of special elements used in an OS command 'OS Command Injection' exists in the software. If exploited, a remote unauthenticated attacker may execute arbitrary ...
CVE-2025-9745
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /versionupgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-9654
A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...
CVE-2025-9727
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgimain of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the publ...
CVE-2025-9727
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgimain of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the publ...
CVE-2025-9603
A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The...
CVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9584
A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function updateinterfacepng of the file /usr/bin/webmgnt. The manipulation of the argument interface/displayname results in command injection. The attack can be executed remotely. The exploit has been made public and...
CVE-2025-9585
A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...
CVE-2025-9582
A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...