CVE-2025-12942

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86...

PT-2025-46370

Name of the Vulnerable Software and Affected Versions NETGEAR R6260 versions through 1.1.0.86 NETGEAR R6850 versions through 1.1.0.86 Description A flaw exists in input validation within NETGEAR R6260 and R6850 devices. This allows unauthenticated attackers on the LAN to conduct Man-in-the-Middle...

EUVD-2018-7571

Malware in sbrugna...

EUVD-2022-28886

Malicious code in bioql PyPI...

CVE-2023-28760

TP-Link AX1800 WiFi 6 Router Archer AX21 devices allow unauthenticated attackers on the LAN to execute arbitrary code as root via the dbdir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in...

Zyxel USG FLEX 操作系统命令注入漏洞

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. It provides flexible VPN options IPsec, SSL or L2TP to provide flexible and secure remote access for remote work and management. A security vulnerability exists in the Zyxel USG FLEX that stems from a command injection in the Free Time WiFi...

PT-2023-3606 · Zyxel · Zyxel Usg Flex Series +4

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 5.10 through 5.36 Patch 2 Zyxel USG FLEX series versions 5.00 through 5.36 Patch 2 Zyxel USG FLEX 50W series versions 5.10 through 5.36 Patch 2 Zyxel USG20W-VPN series versions 5.10 through 5.36 Patch 2 Zyxel VPN...

D-Link DIR-878 Command Injection Vulnerability (CNVD-2022-38533)

The D-Link DIR-878 is a wireless router from D-Link, a Taiwan-based company. The D-Link DIR-878 is vulnerable to a command injection vulnerability that could be exploited by an unauthenticated LAN attacker to execute arbitrary system commands to control the system or interrupt services...

CVE-2022-23970

ASUS RT-AX56U’s updatejson function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption...

CVE-2022-25597

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service...

CVE-2022-23971

ASUS RT-AX56U’s updatePLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service...

CVE-2022-25595

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt...

Path traversal

ASUS RT-AX56U’s updatejson function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption...

Path traversal

ASUS RT-AX56U’s updatePLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service...

Command injection

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service...

CVE-2022-26670 D-Link DIR-878 - Command Injection

D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service...

CVE-2022-25596 ASUS RT-AC86U - Heap-based buffer overflow

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service...

CVE-2022-23971 ASUS RT-AX56U - Path Traversal

ASUS RT-AX56U’s updatePLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service...

ASUS RT-AX56U Path Traversal Vulnerability

ASUS RT-AX56U is a wireless router from ASUS Taiwan, China.A path traversal vulnerability exists in ASUS RT-AX56U, which stems from the insufficient filtering of special characters in URL parameters by the login function of ASUS RT-AX56U, which could be exploited by an unauthenticated LAN attacke...

CVE-2018-15700

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field...