45 matches found
EUVD-2026-43548
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
PT-2026-57906
Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.42 Description An unauthenticated information disclosure issue exists where remote attackers can retrieve plaintext API keys for all connected AI provider accounts. This occurs due to missing authentication...
EUVD-2026-42073
9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...
Edimax BR-6228NC 注入漏洞
The Edimax BR-6228NC is a wireless broadband router produced by Edimax Corporation. Version 1.22 of the Edimax BR-6228NC has a vulnerability known as “injection flaw.” This flaw arises from the function mp in the POST Request Handler component, which processes the command parameter. The improper...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthorized actions by tricking a user into submitting a crafted...
Exposure of Sensitive Information Due to Incompatible Policies
Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Due to Incompatible Policies due to insufficient access validation to private user projects. An attacker can gain unauthorized access to sensitive project information by directly accessing private proje...
Linksys E5600 安全漏洞
Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys, Inc. A security vulnerability exists in Linksys E5600 version V1.1.0.26, which stems from a command injection in the ddnsStatus function...
text-generation-inference: Unbounded external image fetch in validation leads to resource-exhaustion DoS
Description Text Generation Inference Router DoS via pre-validation image fetch in VLM mode. Affected: Router workspace version 3.3.6 the latest repo, when deployed with a vision/VLM model e.g., Idefics/Mllama/Idefics2/Idefics3/Gemma3/Llama4/Paligemma/LlavaNext/Qwen2VL/Qwen25VL. Pure text LLMs do...
Mercusys MW301R 安全漏洞
Mercusys MW301R is a router from Mercusys, China. A security vulnerability exists in Mercusys MW301R version 1.0.2 Build 190726 Rel.59423n, which stems from an improperly restricted authentication attempt in the Login component...
CVE-2024-29671
Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component...
TOTOLINK A720R、TOTOLINK A3002R和TOTOLINK A3002RU 安全漏洞
TOTOLINK A3002RU and others are products of China Gion Electronics TOTOLINK.TOTOLINK A3002RU is a wireless router product.TOTOLINK A720R is a wireless router.TOTOLINK A3002R is a wireless router.TOTOLINK A3002R is a wireless router. A security vulnerability exists in the TOTOLINK A720R, TOTOLINK...
CVE-2024-57232
NETGEAR RAX5 AX1600 WiFi Router V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcliwpsgenpincode function...
PT-2025-17867
Name of the Vulnerable Software and Affected Versions React Router versions 7.2.0 through 7.5.2 Description The issue allows an attacker to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an erro...
PT-2024-19054 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: An OS command injection vulnerability exists in the web interface configuration upload functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an...
PT-2024-22221 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue is related to OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker...
PT-2024-22222 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue concerns OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can...
MC Technologies MC LR Router 操作系统命令注入漏洞
MC Technologies MC LR Router is a router from MC Technologies, Germany. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the I/O configuration function of the web interface, which could lead to...
PT-2024-30095 · Wishnet · Wishnet Nepstech Wifi Router Ntpl-Xpon1Gfevn
Name of the Vulnerable Software and Affected Versions: wishnet Nepstech Wifi Router NTPL-XPON1GFEVN version 1.0 Description: An issue in the wishnet Nepstech Wifi Router allows a remote attacker to obtain sensitive information via the cookie's parameter. Recommendations: For wishnet Nepstech Wifi...
Exploit for Incorrect Authorization in Nexxtsolutions Nebula1200-Ac_Firmware
EN This project provides a proof-of-concept exploit for a remo...
PT-2024-19490 · Digisol · Digisol Router
Name of the Vulnerable Software and Affected Versions: Digisol Router DG-GR1321 version v3.2.02 Description: This issue is caused by the improper implementation of password policies. An attacker with physical access could exploit this by creating passwords that do not adhere to the defined securi...