73 matches found
CVE-2026-2548
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...
EUVD-2026-6105
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...
CVE-2026-2548
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...
CVE-2026-2548 WAYOS FBM-220G rc sub_40F820 command injection
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...
CVE-2026-2548 WAYOS FBM-220G rc sub_40F820 command injection
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...
CVE-2026-2548
WAYOS FBM-220G (version 24.10.19) contains a flaw in the rc file affecting function sub_40F820. Per the CVE records, manipulating arguments (upnp_waniface, upnp_ssdp_interval, upnp_max_age) can lead to a remote command injection. Exploitation is described as remotely executable with a low attack ...
CVE-2026-2548
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...
PT-2026-8322
Name of the Vulnerable Software and Affected Versions WAYOS FBM-220G version 24.10.19 Description A flaw exists in WAYOS FBM-220G version 24.10.19 related to command injection. Manipulation of the arguments upnp waniface, upnp ssdp interval, and upnp max age within the sub 40F820 function of the ...
WAYOS FBM-220G 安全漏洞
WAYOS FBM-220G is a network behavior management router developed by the Chinese company Wayos. Version 24.10.19 of WAYOS FBM-220G contains a security vulnerability. This vulnerability stems from improper handling of parameters upnpwaniface/upnpssdpinterval/upnpmaxage in the sub40F820 function in...
EUVD-2025-31388
Malicious code in bioql PyPI...
EUVD-2023-41667
Malicious code in bioql PyPI...
EUVD-2023-41668
Malicious code in bioql PyPI...
CVE-2025-11045
A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...
CVE-2025-11045
A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...
CVE-2025-11045 WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection
A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...
CVE-2025-11045
The CVE-2025-11045 entry concerns WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 (version 22.03.17) where the Name parameter in an unknown function of the /usb_paswd.asp file enables remote command injection. Affected products are WAYOS routers in the LQ series; the vulnerability’s root cause is improper ha...
CVE-2025-11045 WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection
A vulnerability was identified in WAYOS LQ04, LQ05, LQ06, LQ07 and LQ09 22.03.17. This affects an unknown function of the file /usbpaswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used...
PT-2025-39689
Name of the Vulnerable Software and Affected Versions WAYOS versions 22.03.17 LQ 04, LQ 05, LQ 06, LQ 07, and LQ 09 Description A flaw exists in WAYOS that allows for command injection. This occurs due to the manipulation of the Name argument within an unknown function of the /usb paswd.asp file...
WAYOS多款产品 命令注入漏洞
WAYOS LQ is a series of behavior management routers from China's WAYOS company. A command injection vulnerability exists in several WAYOS products. The vulnerability stems from incorrect manipulation of the parameter Name in the file /usbpaswd.asp, which could lead to remote command injection...
CVE-2025-57105
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub478D28 function in in mngplatform.asp, and sub4A12DC function in wayosacserver.asp of the jhttpd program, with the parameter acmngsrvhost...