28 matches found
EUVD-2025-6002
Malicious code in bioql PyPI...
EUVD-2025-24632
Malicious code in bioql PyPI...
CVE-2025-43982
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...
CVE-2025-43982
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...
CVE-2025-43989
The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...
Tuoshi NR500-EA 安全漏洞
Tuoshi NR500-EA is a wireless router from Tuoshi China. A security vulnerability exists in Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43, which stems from the default enablement of SSH service and the presence of a hard-coded root account...
Tuoshi NR500-EA 安全漏洞
Tuoshi NR500-EA is a wireless router from Tuoshi China. A security vulnerability exists in the Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43, which stems from the incorrect operation of the parameter ntpserver0 in the settimesetting operation could lead to the execution of arbitrary commands...
CVE-2025-43989
CVE-2025-43989 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC firmware 3.4.2731.16.43. The /goform/formJsonAjaxReq POST endpoint mishandles set_timesetting with ntpserver0; setting a username=admin cookie bypasses session checks and allows an unauthenticated attacker to execute arbitrary OS ...
CVE-2025-43982
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...
PT-2025-33067 · Unknown · Shenzhen Tuoshi Nr500-Ea +1
Name of the Vulnerable Software and Affected Versions: Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC version 3.4.2731.16.43 Description: Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices enable the SSH service by default. A hidden, hard-coded root account exists that cannot be disabled through th...
VulnCheck KEV: CVE-2024-53944
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUIv1.0.1802.10.08P4 and LT21B devices through M7628xUSAxUIv2v1.0.1481.15.02P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq...
CVE-2024-48440
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...
CVE-2024-53944
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUIv1.0.1802.10.08P4 and LT21B devices through M7628xUSAxUIv2v1.0.1481.15.02P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq...
CVE-2024-53944
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUIv1.0.1802.10.08P4 and LT21B devices through M7628xUSAxUIv2v1.0.1481.15.02P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq...
CVE-2024-53944
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUIv1.0.1802.10.08P4 and LT21B devices through M7628xUSAxUIv2v1.0.1481.15.02P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq...
PT-2025-8982
Name of the Vulnerable Software and Affected Versions Tuoshi/Dionlink LT15D 4G Wi-Fi devices version M7628NNxlSPv2xUI v1.0.1802.10.08 P4 Tuoshi/Dionlink LT21B devices version M7628xUSAxUIv2 v1.0.1481.15.02 P0 Description An issue allows a remote attacker with network access to exploit a command...
Tuoshi LT15D 安全漏洞
Tuoshi LT15D is a wireless router from China's Tuoshi Tuoshi. A security vulnerability exists in the Tuoshi LT15D that originates from the /goform/formJsonAjaxReq endpoint that does not clean up shell metacharacters, allowing an unauthenticated, remote attacker to execute arbitrary OS commands...
CVE-2024-53944
CVE-2024-53944 affects Tuoshi/Dionlink LT15D 4G and LT21B devices (M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and M7628xUSAxUIv2_v1.0.1481.15.02_P0). The issue is a command injection via /goform/formJsonAjaxReq where JSON parameters aren’t sanitized, allowing unauthenticated network‑remote attackers to ...
CVE-2024-48440
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...