CVE-2026-3841

A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...

CVE-2026-3841 Command Injection Vulnerability in Telnet CLI on TP-Link TL-MR6400

A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...

CVE-2020-12041

The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to netwo...

CVE-2022-31808

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V2.85.44, SiPass integrated ACC-AP All versions V2.85.43. Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by...

CVE-2019-16639

An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec= substring. This affects EG-2000SE EGRGOS 11.9...

EUVD-2003-0786

Malware in sbrugna...

EUVD-2021-8188

Malicious code in bioql PyPI...

EUVD-2025-25700

Malicious code in bioql PyPI...

EUVD-2022-53196

Malicious code in bioql PyPI...

CVE-2025-8286 Güralp Systems Güralp FMUS series Missing Authentication for Critical Function

Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device...

CVE-2025-34093 Polycom HDX Series Telnet Command Injection via lan traceroute

An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters...

CVE-2025-34093

Polycom HDX Series devices vulnerable to an authenticated command injection via the Telnet-based devcmds console. The lan traceroute command accepts unsanitized input, enabling arbitrary command execution as root. This is evidenced by references to a PoC/Metasploit module (polycom_hdx_traceroute_...

CVE-2025-27493

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V6.4.9, SiPass integrated ACC-AP All versions V6.4.9. Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrat...

PT-2025-1260 · Tenda · Tenda Ac10 +2

Name of the Vulnerable Software and Affected Versions: Tenda AC8 versions 16.03.10.20 Tenda AC10 versions 16.03.10.20 Tenda AC18 versions 16.03.10.20 Description: A critical issue has been found in the HTTP Request Handler component of the affected devices, specifically in the /goform/telnet file...

CVE-2024-7158 TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

CVE-2023-49406

Tenda W30E V16.01.0.124843 was discovered to contain a Command Execution vulnerability via the function /goform/telnet...

Extreme Networks Switch Engine Security Vulnerability

Extreme Networks Switch Engine EXOS is a switch engine from Extreme Networks. A security vulnerability exists in Extreme Networks Switch Engine versions prior to 32.5.1.5, which stems from an Access Control Error vulnerability. An attacker could exploit the vulnerability to gain escalation...

CVE-2022-31808

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V2.85.44, SiPass integrated ACC-AP All versions V2.85.43. Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by...

CVE-2022-31808

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V2.85.44, SiPass integrated ACC-AP All versions V2.85.43. Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by...

Design/Logic Flaw

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V2.85.44, SiPass integrated ACC-AP All versions V2.85.43. Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by...