25 matches found
EUVD-2021-25832
Malware in sbrugna...
EUVD-2022-39776
Malicious code in bioql PyPI...
EUVD-2025-4384
Malicious code in bioql PyPI...
CVE-2025-57105
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub478D28 function in in mngplatform.asp, and sub4A12DC function in wayosacserver.asp of the jhttpd program, with the parameter acmngsrvhost...
CVE-2025-32458 ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the getsyslogfromqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
CVE-2025-32457
The CVE-2025-32457 entry concerns the Quantenna Wi‑Fi chipset and details a command injection in a local control script. Affected component: router_command.sh (in the get_file_from_qtn argument) and related script paths, with root cause identified as CWE-88 (Improper Neutralization of Argument De...
Quantenna Communications Quantenna Wi-Fi chipset 安全漏洞
Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the getsyslogfromqtn parameter in the...
Quantenna Communications Quantenna Wi-Fi chipset 安全漏洞
Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the synctime parameter of the...
CVE-2024-48418
In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands...
CVE-2022-41396
Tenda AC1200 Router Model W15Ev2 V15.11.0.101576 was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters...
CVE-2022-28578
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU v7.4cu.2313b20191024 router, which allows an attacker to execute arbitrary commands through a carefully constructed payload...
CVE-2021-30232
The api/ZRIGMP/setIGMPPROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMPPROXYWANCONNECT parameter...
CVE-2021-39474
Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device...
CVE-2025-28145
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat...
CVE-2025-28142
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V31.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare...
PT-2025-24371
Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions through 8.0.0.28 Description The Quantenna Wi-Fi chipset has a local control script, router command.sh, that is vulnerable to command injection, specifically in the get syslog from qtn argument. This issue is...
CVE-2022-43973
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. The CheckTSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges...
CVE-2022-40720
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on...
CVE-2024-48419
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access t...
CVE-2023-43130
D-LINK DIR-806 1200M11AC wireless router DIR806A1FW100CNb11 is vulnerable to command injection...