
3868 matches found

OSV
added 2025/05/09 12:15 a.m. · 5 views

CVE-2025-4445

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wakeonlan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This...

9.8 CVSS · 5.6 AI score · 0.06501 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2025/05/09 12:0 a.m. · 6 views

The vulnerability of the iControl REST component of the access control and remote authentication solution for BIG-IP allows a perpetrator to inject arbitrary commands.

The vulnerability of the iControl REST component of the access control and remote authentication solution for BIG-IP is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to inject arbitrary commands remotely...

8.7 CVSS · 6.4 AI score · 0.00721 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/05/06 2:15 p.m. · 1 view

CVE-2025-4357

A vulnerability was found in Tenda RX3 16.03.13.11multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

9.8 CVSS · 5.6 AI score
Exploits 0 · References 5
OSV
added 2025/05/06 12:15 p.m. · 5 views

CVE-2025-4349

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no long...

9.8 CVSS · 5.6 AI score
Exploits 0 · References 5
OSV
added 2025/05/06 12:15 p.m. · 5 views

CVE-2025-4350

A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wakeonlan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerability only affects products that are no longer...

9.8 CVSS · 5.6 AI score · 0.03269 EPSS
Exploits 0 · References 5
OSV
added 2025/05/06 9:15 a.m. · 4 views

CVE-2025-4341

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command...

9.8 CVSS · 5.5 AI score · 0.17103 EPSS
Exploits 0 · References 5
OSV
added 2025/05/06 8:15 a.m. · 4 views

CVE-2025-4340

A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed t...

9.8 CVSS · 5.5 AI score · 0.04149 EPSS
Exploits 1 · References 5
CVE
added 2025/05/06 8:0 a.m. · 68 views

CVE-2025-4340

CVE-2025-4340 affects D-Link DIR-890L and DIR-806A1; the vulnerability is a remote command injection in the function sub_175C8 of /htdocs/soap.cgi. The root cause is improper handling/filters of crafted characters in that function, allowing an attacker to execute arbitrary commands remotely. Affe...

9.8 CVSS · 7.5 AI score · 0.04149 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2025/04/30 6:15 p.m. · 6 views

CVE-2025-4135

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function uigetinputvalue. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...

5.3 CVSS · 5.6 AI score · 0.02283 EPSS
Exploits 0 · References 5
OSV
added 2025/04/30 3:16 p.m. · 6 views

CVE-2025-4122

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure bu...

8.8 CVSS · 5.6 AI score · 0.03145 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2025/04/22 12:0 a.m. · 7 views

A vulnerability in the TOTOLINK A7100RU router firmware, which exists due to the lack of measures to neutralize special elements, allows intruders to inject arbitrary commands.

The vulnerability in the TOTOLINK A7100RU router firmware exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to inject arbitrary commands...

10 CVSS · 7.9 AI score · 0.02063 EPSS
Exploits 1 · References 4 · Affected Software 1
NVD
added 2025/04/19 6:15 p.m. · 25 views

CVE-2025-3816

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been...

7.2 CVSS · 0.05884 EPSS
Exploits 1 · References 4
Packet Storm
added 2025/04/16 12:0 a.m. · 178 views

CommScope Ruckus IoT Controller 1.7.1.0 Backdoor Account

CommScope Ruckus IoT Controller version 1.7.1.0 has an undocumented backdoor account. Exploit Title: CommScope Ruckus IoT Controller 1.7.1.0 - Undocumented Account Date: 2021.05.26 Exploit Author: korelogic Vendor Homepage:...

9.8 CVSS · 8.8 AI score · 0.13773 EPSS
Exploits 5
Exploit DB
added 2025/04/16 12:0 a.m. · 140 views

FLIR AX8 1.46.16 - Remote Command Injection

Exploit Title: FLIR AX8 1.46.16 - Remote Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link, SC Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46.16...

9.8 CVSS · 9.4 AI score · 0.99618 EPSS
Exploits 9
Positive Technologies
added 2025/04/14 12:0 a.m. · 2 views

PT-2025-20240 · UserGate LLC · Usergate Log Analyzer +3

A vulnerability in the web interface of the UserGate Next-Generation Firewall NGFW firewall software, the UserGate Management Center UGMC unified management center, and the UserGate Log Analyzer LogAn log collection system is related to insufficient input validation. Exploitation of the vulnerability...

4 CVSS · 7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/04/06 12:0 a.m. · 5 views

PT-2025-18018 · Totolink · Totolink N150Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N150RT version 3.4.0-B20190525 Description: A critical issue affects the processing of the file /boafrm/formWsc. The manipulation of the localPin argument leads to command injection. The attack may be initiated remotely...

8.8 CVSS · 6.7 AI score · 0.08329 EPSS
Exploits 1 · References 17
OSV
added 2025/04/04 2:15 p.m. · 4 views

CVE-2025-3249

A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apclicancelwps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...

9.8 CVSS · 5.5 AI score · 0.02552 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/03/31 2:39 p.m. · 17 views

CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

9.8 CVSS · 9.7 AI score · 0.99618 EPSS
Exploits 9 · References 1
CNNVD
added 2025/03/28 12:0 a.m. · 2 views

Aishida Call Center System Injection Vulnerability

Aishida Call Center System is a call center system from Aishida China. An injection vulnerability exists in Aishida Call Center System 20250314 and prior versions, which originates from a command injection that could remotely launch an attack...

6.5 CVSS · 6.8 AI score · 0.01406 EPSS
Exploits 0 · References 5
Redos
added 2025/03/26 12:0 a.m. · 16 views

ROS-20250326-10

A vulnerability in the Nextcloud calendar cloud software application for creating and utilizing a Nextcloud data warehouse is related to the failure to clean up line breaks and special characters in the email value in a JSON request. Exploitation of the vulnerability could allow an attacker actin...

9.8 CVSS · 7.4 AI score · 0.32348 EPSS
Exploits 0