Exploit for Injection in Traceroute_Project Traceroute

node-vulnerable This repository is a synthetic demo target...

CVE-2026-28774 Authenticated OS Command Injection via Traceroute Utility leads to Root RCE

An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...

OneUptime 操作系统命令注入漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.7 contained an operating system command injection vulnerability. This vulnerability originated from the...

PT-2026-21749

Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions V300SP10260209 and prior Description The Binardat 10G08-0800GSM network switch firmware contains a command injection issue within the traceroute diagnostic function of the web management...

Binardat 10G08-0800GSM 操作系统命令注入漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The firmware version V300SP10260209 and earlier of the Binardat 10G08-0800GSM network switch has a vulnerability related to operating system command injection. This vulnerability stems from command injection...

Siemens RUGGEDCOM ROX II Client-Side Enforcement of Server-Side Security (CVE-2025-33025)

The 'traceroute' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. This plugin only works with Tenable.ot. Please visit...

EUVD-2005-2073

Malware in sbrugna...

CVE-2025-11096

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

PT-2025-39758

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the processing of the /goform/diag traceroute file within D-Link DIR-823X version 250416. Manipulation of the target addr argument can lead to command injection, allowing for remote...

The vulnerability of the fromTraceroutGet() function (/goform/getTraceroute) in the Tenda O3 wireless access point software allows a intruder to execute arbitrary commands.

The vulnerability of the fromTraceroutGet function /goform/getTraceroute in the Tenda O3 wireless access point software exists because measures are not taken to neutralize special elements when processing the dest parameter. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability of the fromTraceroutGet() function (/goform/getTraceroute) in the Tenda O3 wireless access point software allows a intruder to execute arbitrary commands.

The vulnerability of the fromNetToolGet function in the file /goform/setPingInfo function of the Tenda O3 wireless access point software is related to the lack of measures to sanitize input data during the processing of the domain parameter. Exploiting this vulnerability allows a remote attacker ...

CVE-2024-47065 Traceroute_APP responses are not rate-limited.

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

CVE-2024-47065

CVE-2024-47065 affects Meshtastic before version 2.5.1, where traceroute responses from remote nodes were not rate limited. This allows rapid, repeated responses (approximately 100 samples in ~2 minutes) and can enable a 2:1 reflected DoS, with positional confidentiality concerns highlighted as a...

TencentOS Server 3: traceroute (TSSA-2024:0213)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0213 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2023-51719

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

CVE-1999-0525

IP traceroute is allowed from arbitrary hosts...

The vulnerability of the traceroute utility in the microprogramming system of the RUGGEDCOM ROX routing and switching platform for models MX (MX5000, MX5000RE) and RX (RX1400, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000) allows a hacker to execute arbitrary code.

The vulnerability of the traceroute utility in the microprogramming-based routing and switching platform RUGGEDCOM ROX for series MX MX5000, MX5000RE and RX RX1400, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 lies in the absence of a mechanism to verify input data on the server sid...

RockyLinux 9 : traceroute (RLSA-2024:2483)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2483 advisory. traceroute: improper command line parsing CVE-2023-46316 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Not...

RHEL 8 : traceroute (RHSA-2025:0823)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:0823 advisory. The traceroute utility displays the route used by IP packets on their way to a specified network or Internet host. Security Fixes: traceroute: improp...

Advisory ROSA-SA-2025-2592

software: traceroute 2.1.5 WASP: ROSA-CHROME packageevrstring: traceroute-2.1.5-1 CVE-ID: CVE-2023-46316 BDU-ID: 2023-07542 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the buc Traceroute utility is related to improper handling of lines of code. Exploitation of the vulnerability could allow ...