4 matches found
CVE-2024-58314
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...
CVE-2020-28899
The Web CGI Script on ZyXEL LTE4506-M606 V1.00ABDO.2C0 devices does not require authentication, which allows remote unauthenticated attackers via crafted JSON action data to /cgi-bin/gui.cgi to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi...
Endian Firewall Proxy Password Change Command Injection Exploit
This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this...
PT-2014-5616 · D Link · D-Link Dir-505 +1
Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 versions 1.01b06 and earlier; D-Link DIR-505 versions prior to 1.08b10; D-Link DIR-505L versions 1.01 and earlier. Description: The issue allows remote attackers to execute arbitrary code via a long Content-Length header in a...