CVE-2026-11339

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

CVE-2026-11339

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

CVE-2026-11339 D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

CVE-2026-11339 D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

EUVD-2026-34859

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

CVE-2026-11339

A vulnerability affects D-Link DWR-M920 firmware up to version 1.1.50 . The flaw is located in the function sub_41CF20 within the file /boafrm/formUSSDSetup ; manipulating the argument ussdValue enables command injection . It can be exploited remotely, and multiple sources note that the exploit i...

CVE-2026-35394

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

CVE-2026-35394

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url

Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...

GHSA-5QHV-X9J4-C3VM @mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url

Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...

PT-2026-30323

Summary The mobile open url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code...

EUVD-2025-208325

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

OpenCode Systems OC Messaging / USSD Gateway OC 安全漏洞

OpenCode Systems OC Messaging/USSD Gateway OC is a telecommunications operator messaging gateway system developed by OpenCode Company in the UK. Version 6.32.2 of OpenCode Systems OC Messaging/USSD Gateway OC contains a security vulnerability. This vulnerability stems from access control flaws in...

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

CVE-2025-70614

The CVE-2025-70614 entry applies to OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2. The vulnerability is due to broken access control in the web-based control panel, allowing an authenticated low-privileged user to access arbitrary SMS messages by tampering with a company or tenan...

CVE-2026-2085

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The...

CVE-2026-2085 D-Link DWR-M921 USSD Configuration Endpoint formUSSDSetup sub_419F20 command injection

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The...

CVE-2026-2085 D-Link DWR-M921 USSD Configuration Endpoint formUSSDSetup sub_419F20 command injection

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The...