Lucene search
K

3872 matches found

CVE
CVE
added 2025/08/28 8:2 p.m.17 views

CVE-2025-9584

CVE-2025-9584 affects Comfast CF-N1 v2.6.0. The issue is in the function update_interface_png of /usr/bin/webmgnt, where manipulating the interface/display_name argument leads to a remote command-injection . Exploitation is possible remotely and the exploit has been publicized. Multiple sources c...

8.8CVSS6.5AI score0.08319EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/08/28 7:32 p.m.10 views

CVE-2025-9582 Comfast CF-N1 webmgnt ntp_timezone command injection

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS0.05309EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/28 7:32 p.m.3 views

CVE-2025-9582 Comfast CF-N1 webmgnt ntp_timezone command injection

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS6.3AI score0.05309EPSS
Exploits1References4
NVD
NVD
added 2025/08/28 7:15 p.m.2 views

CVE-2025-9579

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...

8.8CVSS0.0692EPSS
Exploits1References5
NVD
NVD
added 2025/08/28 7:15 p.m.4 views

CVE-2025-9580

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...

8.8CVSS0.06729EPSS
Exploits1References5
OSV
OSV
added 2025/08/28 7:15 p.m.4 views

CVE-2025-9579

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...

8.8CVSS5.7AI score0.0692EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/28 7:2 p.m.2 views

CVE-2025-9581 Comfast CF-N1 webmgnt multi_pppoe command injection

A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multipppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phyinterface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used...

6.5CVSS6.5AI score0.05309EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/28 6:32 p.m.2 views

CVE-2025-9579 LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...

6.5CVSS6.4AI score0.0692EPSS
Exploits1References5
NVD
NVD
added 2025/08/28 6:15 p.m.6 views

CVE-2025-9575

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command...

8.8CVSS0.08406EPSS
Exploits1References6
OSV
OSV
added 2025/08/28 6:15 p.m.4 views

CVE-2025-9575

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command...

8.8CVSS5.7AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.4 views

PT-2025-35142

Name of the Vulnerable Software and Affected Versions Comfast CF-N1 version 2.6.0 Description A vulnerability was identified in the wireless device dissoc function of the /usr/bin/webmgnt file. Manipulation of the mac argument leads to command injection. The attack may be performed remotely. The...

8.8CVSS6.3AI score0.08319EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.5 views

PT-2025-35135

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A vulnerability exists in the ping config function of the /usr/bin/webmgnt file, which can lead to command injection. Remote exploitation is possible. The exploit has been publicly disclosed...

6.5CVSS6.4AI score0.05075EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.4 views

PT-2025-35137

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A vulnerability exists in Comfast CF-N1 version 2.6.0 due to command injection. Manipulation of the portal delete picname argument within the wifilith delete pic file function, located in the...

6.5CVSS6.5AI score0.05075EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.6 views

PT-2025-35136

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A vulnerability exists in Comfast CF-N1 version 2.6.0 due to command injection. The issue is located in the update interface png function within the /usr/bin/webmgnt file. Manipulation of the...

6.5CVSS6.9AI score0.08319EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.6 views

PT-2025-35124

Name of the Vulnerable Software and Affected Versions Linksys RE6250 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.0.013.001 Linksys RE6300 version 1.0.04.001...

8.8CVSS6.5AI score0.08406EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.4 views

PT-2025-35128

Name of the Vulnerable Software and Affected Versions: LB-LINK BL-X26 version 1.2.8 Description: A weakness exists in the HTTP Handler component due to the manipulation of the enable argument within the /goform/set hidessid cfg file, leading to os command injection. This issue can be exploited...

6.5CVSS6.2AI score0.0692EPSS
Exploits1References8
NVD
NVD
added 2025/08/27 2:15 p.m.3 views

CVE-2025-9528

A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

7.2CVSS0.50053EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/08/27 1:2 p.m.3 views

CVE-2025-9528 Linksys E1700 systemCommand os command injection

A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS7.5AI score0.50053EPSS
Exploits1References6
CVE
CVE
added 2025/08/27 1:2 p.m.19 views

CVE-2025-9528

CVE-2025-9528 affects Linksys E1700 router (version 1.0.0.4.003). The vulnerability targets the function systemCommand in /goform/systemCommand; manipulating the command argument can cause an OS command injection. The attack can be launched remotely, and exploitation has been publicly disclosed. ...

7.2CVSS5.1AI score0.50053EPSS
In wildExploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/26 12:23 p.m.6 views

CVE-2025-9387

A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ipblock.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate...

9.8CVSS7.6AI score0.09314EPSS
Exploits1References1
Rows per page
Query Builder