9 matches found
CVE-2026-12221
A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...
CVE-2026-12187
A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...
CVE-2026-28515
openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...
A vulnerability in the upgrade_handler() functions of the firmware for Netgear WG302v2 and Netgear WAG302v2 allows an attacker to execute arbitrary commands.
The vulnerability in the upgradehandler function of Netgear WG302v2 and Netgear WAG302v2 routers stems from a failure to neutralize special elements when processing the firmwareRestore and firmwareServerip parameters. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2023-38921
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgradehandler function via the firmwareRestore and firmwareServerip parameters...
CVE-2023-38921
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgradehandler function via the firmwareRestore and firmwareServerip parameters...
NETGEAR WG302 Command Injection Vulnerability
NETGEAR WG302 is a wireless access point from NETGEAR. A security vulnerability exists in NETGEAR WG302v2 version v5.2.9 and WAG302v2 version v5.1.19, which stems from the firmwareRestore and firmwareServerip parameters in the upgradehandler function containing multiple command injection...
PT-2023-4237 · NetGear · Netgear Wag302V2
Name of the Vulnerable Software and Affected Versions: Netgear WG302v2 version 5.2.9; Netgear WAG302v2 version 5.1.19. Description: The issue is related to command injection vulnerabilities in the upgrade handler function. These vulnerabilities can be exploited via the firmwareRestore and...
Indy Node Input Validation Error Vulnerability
Indy Node is the server part of a distributed ledger open-sourced by Hyperledger in the United States, built specifically for decentralized identities. An input validation error vulnerability exists in versions of Indy Node prior to 1.12.4, which stems from a "pool-upgrade" request handler in...