CVE-2026-8190

The CVE-2026-8190 issue affects Wavlink NU516U1 M16U1_V240425, where the wan function in /cgi-bin/adm.cgi processes arguments ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway in a way that enables OS command injection. Remote exploitation is possible, and an exploit has been publicly disclo...

EUVD-2024-38944

Malicious code in bioql PyPI...

EUVD-2024-38942

Malicious code in bioql PyPI...

CVE-2025-37124

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruptio...

CVE-2025-37126

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVE-2025-37126

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVE-2025-37123

CVE-2025-37123 affects HPE Aruba Networking EdgeConnect SD-WAN Gateways (CLI and Web API). The issue is described as authenticated privilege escalation via the command-line interface, allowing an attacker to run arbitrary commands with root privileges on the underlying OS. Connected sources corro...

CVE-2025-37123 Authenticated Command Injection leads to Unauthorized Actions in CLI Interface

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on...

HPE Aruba Networking EdgeConnect SD-WAN Gateways 安全漏洞

HPE Aruba Networking EdgeConnect SD-WAN Gateways is an edge gateway appliance from HPE America. A security vulnerability exists in HPE Aruba Networking EdgeConnect SD-WAN Gateways that stems from improper privilege management of the command line interface, which could lead to elevation of privile...

Belkin F9K1122 Command Injection Vulnerability

The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a command injection vulnerability that originates from the incorrect operation of the parameters wanipaddr/wannetmask/wangateway/wlssid in the file /goform/formBSSetSitesurvey. An attacker can exploit this vulnerability...

Belkin F9K1122 命令注入漏洞

The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a command injection vulnerability that originates from the incorrect operation of the parameters wanipaddr/wannetmask/wangateway/wlssid in the file /goform/formBSSetSitesurvey. An attacker can exploit this vulnerability...

CVE-2024-52021

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at bswfix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-52020

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at wizfix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51021

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51009

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

NETGEAR R8500 安全漏洞

The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the wangateway parameter in the ether.cgi component failing to correctly filter constructed command special characters, commands, and so on. An attacker...

PT-2024-8269 · NetGear · Netgear R8500

Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160 Description: The issue is related to a command injection vulnerability in the wan gateway parameter at the bsw fix.cgi endpoint. This vulnerability allows attackers to execute arbitrary OS commands via a crafte...

NETGEAR XR300、NETGEAR R7000P和NETGEAR R6400v2 安全漏洞

NETGEAR R6400v2 and others are products of NETGEAR USA.NETGEAR R6400v2 is a router.NETGEAR R7000P is a wireless router.NETGEAR XR300 is a wireless router. A security vulnerability exists in NETGEAR XR300 version v1.0.3.78, R7000P version v1.3.3.154, and R6400v2 version 1.0.4.128, which stems from...

NETGEAR R8500 安全漏洞

The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the wangateway parameter in the bswfix.cgi component failing to correctly filter constructed command special characters, commands, and so on. An attacker...