CVE-2026-8190

The CVE-2026-8190 issue affects Wavlink NU516U1 M16U1_V240425, where the wan function in /cgi-bin/adm.cgi processes arguments ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway in a way that enables OS command injection. Remote exploitation is possible, and an exploit has been publicly disclo...

EUVD-2024-38942

Malicious code in bioql PyPI...

EUVD-2024-38944

Malicious code in bioql PyPI...

CVE-2025-37124

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruptio...

CVE-2025-37126

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVE-2025-37126

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVE-2025-37123 Authenticated Command Injection leads to Unauthorized Actions in CLI Interface

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on...

CVE-2025-37123

CVE-2025-37123 affects HPE Aruba Networking EdgeConnect SD-WAN Gateways (CLI and Web API). The issue is described as authenticated privilege escalation via the command-line interface, allowing an attacker to run arbitrary commands with root privileges on the underlying OS. Connected sources corro...

HPE Aruba Networking EdgeConnect SD-WAN Gateways 安全漏洞

HPE Aruba Networking EdgeConnect SD-WAN Gateways is an edge gateway appliance from HPE America. A security vulnerability exists in HPE Aruba Networking EdgeConnect SD-WAN Gateways that stems from improper privilege management of the command line interface, which could lead to elevation of privile...

Belkin F9K1122 Command Injection Vulnerability

The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a command injection vulnerability that originates from the incorrect operation of the parameters wanipaddr/wannetmask/wangateway/wlssid in the file /goform/formBSSetSitesurvey. An attacker can exploit this vulnerability...

Belkin F9K1122 命令注入漏洞

The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a command injection vulnerability that originates from the incorrect operation of the parameters wanipaddr/wannetmask/wangateway/wlssid in the file /goform/formBSSetSitesurvey. An attacker can exploit this vulnerability...

The vulnerability in the genie_fix2.cgi microprogramming software for Netgear XR300, R7000P, and R6400 v2 allows a hacker to execute arbitrary commands.

The vulnerability of the geniefix2.cgi microprogramming software for Netgear XR300, R7000P, and R6400 v2 lies in the lack of measures taken to neutralize special elements used in the operating system’s commands when processing the wangateway parameter. Exploiting this vulnerability allows a remot...

CVE-2024-52021

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at bswfix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-52020

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at wizfix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51021

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51009

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

NETGEAR R8500 安全漏洞

NETGEAR R8500 is a wireless router from NETGEAR. A security vulnerability exists in the NETGEAR R8500 version v1.0.2.160, which stems from the wangateway parameter in the wizfix2.cgi component containing a command injection vulnerability...

NETGEAR R8500 安全漏洞

The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the wangateway parameter in the bswfix.cgi component failing to correctly filter constructed command special characters, commands, and so on. An attacker...

NETGEAR R8500 安全漏洞

The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the wangateway parameter in the geniefix2.cgi component failing to correctly filter constructed command special characters, commands, and so on. An...