CVE-2026-30703

CVE-2026-30703 affects the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The web management interface’s adm.cgi endpoint improperly sanitizes a command-related parameter in the sysCMD functionality, enabling a potential command injection. Root cause: insufficient input validation/saniti...

CVE-2019-25487

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability allowing unauthenticated attackers to run arbitrary system commands by posting to the formsSysCmd endpoint with the sysCmd parameter. The issue enables code execution with router privileges and has a high impact on confident...

PT-2026-24781

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to...

CVE-2026-1690

CVE-2026-1690 affects Tenda HG10 family devices (HG10/HG7/HG9/HG10re_300001138_en_xpon). The flaw resides in the /boaform/formSysCmd handler, where manipulation of the sysCmd argument enables command injection. Attacks may be initiated remotely over the network; exploitation has been published an...

Tenda HG10 command injection vulnerability

The Tenda HG10 is a fiber-optic router produced by the Chinese company Tenda. The Tenda HG10 USHG7HG9HG10re300001138enxpon has a command injection vulnerability. This vulnerability arises from incorrect handling of parameters in the file /boaform/formSysCmd, specifically the parameter sysCmd, whi...

CVE-2025-14094

A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendo...

CVE-2021-4470

TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to...

CVE-2021-4470

TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to...

CVE-2021-4470 TG8 Firewall Unauthenticated RCE via runphpcmd.php

TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to...

CVE-2021-4470

CVE-2021-4470 describes a pre-authentication remote code execution in TG8 Firewall through the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation, and is executed with root privileges, enabling a remote, unauthenticated attacker to run arbi...

TG8 Firewall 安全漏洞

TG8 Firewall is a firewall from TG8 Inc. A security vulnerability exists in TG8 Firewall that originates from the runphpcmd.php endpoint that does not validate the syscmd parameter, which could lead to remote code execution...

PT-2025-47021

Name of the Vulnerable Software and Affected Versions TG8 Firewall affected versions not specified Description The software contains a pre-authentication remote code execution issue in the runphpcmd.php endpoint. The syscmd POST parameter is directly passed to a system command without validation...

CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

CVE-2023-30404

Aigital Wireless-N Repeater MiniRouter v0.131229 was discovered to contain a remote code execution RCE vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request...

CVE-2015-9551

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter...

D-Link DIR-605L sysCmd Parameter Command Injection Vulnerability

The D-Link DIR-605L is a wireless router from China's AUO D-Link. The D-Link DIR-605L suffers from a command injection vulnerability that stems from the parameter sysCmd failing to properly filter constructed command special characters, commands, and so on. No details of the vulnerability are...

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router from China's AUO D-Link. The D-Link DIR-605L suffers from a command injection vulnerability that stems from the parameter sysCmd failing to properly filter constructed command special characters, commands, and so on. No details of the vulnerability are...

CVE-2023-30404

Aigital Wireless-N Repeater MiniRouter v0.131229 was discovered to contain a remote code execution RCE vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request...

PT-2023-22675 · Aigital · Aigital Wireless-N Repeater Mini Router

Name of the Vulnerable Software and Affected Versions: Aigital Wireless-N Repeater Mini Router version 0.131229 Description: The issue is a remote code execution vulnerability that can be exploited via a crafted HTTP request. It affects the formSysCmd function through the sysCmd parameter. There ...

PT-2023-18890 · Korenix · Korenix Jetwave 4200 Series +1

Name of the Vulnerable Software and Affected Versions: Korenix Jetwave 4200 Series version 1.3.0 Korenix JetWave 3000 Series version 1.6.0 Description: The issue allows for Command Injection via the "/goform/formSysCmd" API endpoint. An attacker can modify the sysCmd parameter to execute commands...