EUVD-2023-27395

Malicious code in bioql PyPI...

CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

VulnCheck KEV: CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

CVE-2023-30404

Aigital Wireless-N Repeater MiniRouter v0.131229 was discovered to contain a remote code execution RCE vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request...

CVE-2015-9551

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter...

D-Link DIR-605L sysCmd Parameter Command Injection Vulnerability

The D-Link DIR-605L is a wireless router from China's AUO D-Link. The D-Link DIR-605L suffers from a command injection vulnerability that stems from the parameter sysCmd failing to properly filter constructed command special characters, commands, and so on. No details of the vulnerability are...

The vulnerability of the formSysCmd function in the microprogramming software of the D-Link DIR-619L router allows a hacker to execute arbitrary code.

The vulnerability of the formSysCmd function in the microprogramming system of the D-Link DIR-619L router lies in the lack of measures taken to clean data at the control level when processing the sysCmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router from China's AUO D-Link. The D-Link DIR-605L suffers from a command injection vulnerability that stems from the parameter sysCmd failing to properly filter constructed command special characters, commands, and so on. No details of the vulnerability are...

CVE-2023-30404

Aigital Wireless-N Repeater MiniRouter v0.131229 was discovered to contain a remote code execution RCE vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request...

CVE-2023-30404

CVE-2023-30404 affects Aigital Wireless-N Repeater Mini_Router v0.131229. The issue is a remote code execution (RCE) in the formSysCmd function, exploitable via the sysCmd parameter and a crafted HTTP request. Connected sources confirm the vulnerable component is the formSysCmd/sysCmd pathway, wi...

PT-2023-22675 · Aigital · Aigital Wireless-N Repeater Mini Router

Name of the Vulnerable Software and Affected Versions: Aigital Wireless-N Repeater Mini Router version 0.131229 Description: The issue is a remote code execution vulnerability that can be exploited via a crafted HTTP request. It affects the formSysCmd function through the sysCmd parameter. There ...

CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root...

PT-2023-18890 · Korenix · Korenix Jetwave 4200 Series +1

Name of the Vulnerable Software and Affected Versions: Korenix Jetwave 4200 Series version 1.3.0 Korenix JetWave 3000 Series version 1.6.0 Description: The issue allows for Command Injection via the "/goform/formSysCmd" API endpoint. An attacker can modify the sysCmd parameter to execute commands...

CVE-2021-4242

A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to t...

The vulnerability of the web administration interface of the microprogramming software for the portable wireless module PLANEX MZK-DP150N allows a perpetrator to execute arbitrary commands.

The vulnerability of the web administration interface of the microprogramming software for the portable wireless module PLANEX MZK-DP150N is related to errors in the use of standard permissions. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...

CVE-2021-36706

In ProLink PRC2402M V1.0.18 and older, the setsyscmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system...

Remote code execution

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter...

CVE-2015-9551

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter...

CVE-2015-9551

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...