CVE-2026-36828

A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...

PT-2026-41950

Name of the Vulnerable Software and Affected Versions Panabit PAP-XM320 versions prior to 7.8 Description A command injection issue exists in the CGI component of the software. Authenticated users can execute arbitrary shell commands with root privileges through the '/cgi-bin/tools/ajax cmd'...