CVE-2026-2548

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

EUVD-2026-6105

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

CVE-2026-2548

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

CVE-2026-2548

WAYOS FBM-220G (version 24.10.19) contains a flaw in the rc file affecting function sub_40F820. Per the CVE records, manipulating arguments (upnp_waniface, upnp_ssdp_interval, upnp_max_age) can lead to a remote command injection. Exploitation is described as remotely executable with a low attack ...

CVE-2026-2548 WAYOS FBM-220G rc sub_40F820 command injection

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

CVE-2026-2548 WAYOS FBM-220G rc sub_40F820 command injection

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

CVE-2026-2548

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

PT-2026-8322

Name of the Vulnerable Software and Affected Versions WAYOS FBM-220G version 24.10.19 Description A flaw exists in WAYOS FBM-220G version 24.10.19 related to command injection. Manipulation of the arguments upnp waniface, upnp ssdp interval, and upnp max age within the sub 40F820 function of the ...

WAYOS FBM-220G 安全漏洞

WAYOS FBM-220G is a network behavior management router developed by the Chinese company Wayos. Version 24.10.19 of WAYOS FBM-220G contains a security vulnerability. This vulnerability stems from improper handling of parameters upnpwaniface/upnpssdpinterval/upnpmaxage in the sub40F820 function in...

EUVD-2023-41668

Malicious code in bioql PyPI...

EUVD-2023-41667

Malicious code in bioql PyPI...

EUVD-2025-31388

Malicious code in bioql PyPI...

CVE-2025-11045

A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-11045

A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-11045 WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection

A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-11045

The CVE-2025-11045 entry concerns WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 (version 22.03.17) where the Name parameter in an unknown function of the /usb_paswd.asp file enables remote command injection. Affected products are WAYOS routers in the LQ series; the vulnerability’s root cause is improper ha...

CVE-2025-11045 WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection

A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...

WAYOS多款产品 命令注入漏洞

WAYOS LQ is a series of behavior management routers from China's WAYOS company. A command injection vulnerability exists in several WAYOS products. The vulnerability stems from incorrect manipulation of the parameter Name in the file /usbpaswd.asp, which could lead to remote command injection...

PT-2025-39689

Name of the Vulnerable Software and Affected Versions WAYOS versions 22.03.17 LQ 04, LQ 05, LQ 06, LQ 07, and LQ 09 Description A flaw exists in WAYOS that allows for command injection. This occurs due to the manipulation of the Name argument within an unknown function of the /usb paswd.asp file...

D-Link DI-7400G+ 安全漏洞

The D-Link DI-7400G+ is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DI-7400G+ that originates from a command injection in the parameter acmngsrvhost in mngplatform.asp and wayosacserver.asp...