CVE-2025-7414

CVE-2025-7414 affects Tenda O3V2 1.0.0.12(3880). The vulnerability is in the httpd component’s file /goform/setPingInfo, specifically the fromNetToolGet function, where manipulation of the domain argument leads to operating system command injection. This can be exploited remotely and publicly dis...

CVE-2025-7407

A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument hostname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

CVE-2025-7083

A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. This affects the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack remotely. The exploit h...

CVE-2025-7083

CVE-2025-7083 affects Belkin F9K1122 with firmware 1.00.33. A vulnerability in the function mp of the file /goform/mp allows OS command injection via manipulation of the command argument, with remote exploitation possible. The CVE entries consistently describe a critical impact (CWE-like risk: ar...

CVE-2025-7081

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument...

CVE-2025-7081

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument...

CVE-2025-7082

A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument wanipaddr/wannetmask/wangateway/wlssid is directly passed by t...

CVE-2025-34044

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...

CVE-2025-34043

A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...

CVE-2025-34044

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...

CVE-2025-34043

A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...

CVE-2025-34044

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...

CVE-2025-34044

The CVE-2025-34044 issue affects the WIFISKY 7-layer Flow Control Router, specifically the confirm.php interface. A vulnerability in input validation on the t HTTP GET parameter allows unauthenticated attackers to execute arbitrary OS commands (remote command injection). Exploitation evidence was...

CVE-2025-34043 Vacron NVR Remote Command Execution

A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...

CVE-2025-34043

Vacron NVR devices (v1.4) are affected by a remote command injection due to improper input sanitization in the board.cgi script. The issue allows unauthenticated attackers to pass arbitrary commands to the underlying OS via crafted HTTP requests, resulting in remote code execution with the web se...

PT-2025-26992

Name of the Vulnerable Software and Affected Versions: Vacron Network Video Recorder NVR devices version 1.4 Description: A remote command injection issue exists due to improper input sanitization in the board.cgi script. This allows unauthenticated attackers to pass arbitrary commands to the...

PT-2025-26993

Name of the Vulnerable Software and Affected Versions: WIFISKY 7-layer Flow Control Router affected versions not specified Description: A remote command injection issue exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router. This is due to insufficient input validation,...

VulnCheck KEV: CVE-2025-34044

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...

CVE-2025-6621

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclose...

CVE-2025-6618

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been...