15 matches found
CVE-2026-9151
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...
PT-2026-48516
Name of the Vulnerable Software and Affected Versions TP-Link Archer AX12 v1 TP-Link Archer AX17 v1 TP-Link Archer AX18 v1 TP-Link Archer AX1300 v1.6 Description An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an...
TOTOLINK A8000RU 操作系统命令注入漏洞
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the parameter enabled of the function setOpenVpnCfg in the file...
CVE-2026-7288 D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow
A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed t...
PT-2026-35742
A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub 4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed ...
PT-2026-31906
Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.4.5-0684 Description A security issue exists in Synology SSL VPN Client that allows remote attackers to access or influence a user's PIN code due to insecure storage. This could lead to unauthorized...
CVE-2026-22229
A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device,...
CVE-2026-22229
A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device,...
CVE-2026-22229
CVE-2026-22229 (TP-Link Archer BE230 v1.2 and Deco BE25 v1.0) is a command-injection vulnerability exploitable after admin authentication via importing a crafted VPN client configuration file. A successful exploit could grant an attacker full administrative control, threatening configuration inte...
CVE-2026-22229 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and Deco BE25 v1.0
A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device,...
CVE-2025-13550
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has bee...
CVE-2025-13550 D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has bee...
CVE-2025-13550
CVE-2025-13550 affects D-Link DIR-822K and DWR-M920 (firmware 1.00_20250513164613 and 1.1.50). The vulnerability resides in the function handling the /boafrm/formVpnConfigSetup file, where manipulating the submit-url argument can cause a buffer overflow. Exploitation is remote, and a public explo...
PT-2025-47842
Name of the Vulnerable Software and Affected Versions D-Link DIR-822K versions 1.00 20250513164613 and 1.1.50 D-Link DWR-M920 versions 1.00 20250513164613 and 1.1.50 Description A buffer overflow issue exists in D-Link DIR-822K and DWR-M920 devices. The issue is due to the manipulation of the...
PT-2024-5080 · Siemens · Sinema Remote Connect Client
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Client versions prior to V3.2 HF1 Description: A vulnerability has been identified in the system service of affected applications, which is vulnerable to command injection due to missing server-side input sanitation when...