5 matches found
CVE-2026-9400
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...
CVE-2026-9400
Edimax BR-6675nD (firmware 1.12) is affected by a command-injection in the POST Request Handler’s formUSBStorage function (/goform/formUSBStorage). By manipulating the sub_dir parameter, an attacker can execute arbitrary commands remotely. The CVE description consistently notes a remote attack po...
CVE-2026-9400 Edimax BR-6675nD POST Request formUSBStorage command injection
A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...
PT-2026-42971
Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A flaw in the POST Request Handler component allows for remote command injection. The issue exists within the formUSBStorage function located in the '/goform/formUSBStorage' endpoint. An attacker can...
CVE-2026-6670
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...