16 matches found

NVD
added 2026/04/23 7:17 p.m., 3 views

CVE-2026-31168

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5, EPSS 0.00388
Exploits: 1, References: 1
Rapid7 Blog
added 2026/04/03 7:6 p.m., 6 views

Metasploit Wrap-Up 04/03/2026

Additional Adapters and More Modules This week, we added a whole new bunch of HTTP/HTTPS-based CMD payloads for X64 and X86 versions of Windows. The additional breadth of selectable payloads and delivery techniques allows users new options to tailor the attack workflow for their environment. This...

CVSS 10, AI score 6.6, EPSS 0.73126
Exploits: 11
Vulnrichment
added 2025/12/24 3:27 p.m., 1 view

CVE-2025-43876 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings

Under certain circumstances a successful exploitation could result in access to the device...

CVSS 8.7, AI score 6.4, EPSS 0.00054
Exploits: 0, References: 2
CVE
added 2025/12/24 3:19 p.m., 8 views

CVE-2025-43875

CVE-2025-43875 is associated with Johnson Controls iSTAR product family (iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, and iSTAR Edge G2). Connected records describe an authenticated web application command injection labeled as getOptionsInfo, indicating a web-application vector that could lead t...

CVSS 8.7, AI score 6.4, EPSS 0.00054
Exploits: 0, References: 2
CVE
added 2025/12/17 3:53 p.m., 9 views

CVE-2025-43873

Johnson Controls iSTAR Ultra/Ultra SE/Ultra LT (versions prior to 6.9.7.CU01) and Ultra G2/Edge G2 (prior to 6.9.3) are affected by an OS Command Injection vulnerability in the web application that could allow an attacker to modify firmware and gain full device control. Root cause: authenticated ...

CVSS 8.7, AI score 6.7, EPSS 0.00054
Exploits: 0, References: 2
Cvelist
added 2025/12/17 3:53 p.m., 21 views

CVE-2025-43873 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

CVSS 8.7, EPSS 0.00054
Exploits: 0, References: 2
OSV
added 2025/12/12 11:23 a.m., 2 views

BIT-JENKINS-2025-67635

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service...

CVSS 7.5, AI score 6.7, EPSS 0.00178
Exploits: 0, References: 2
FreeBSD
added 2025/12/10 12:0 a.m., 5 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-3630 / CVE-2025-67635 Denial of service vulnerability in HTTP-based CLI Medium SECURITY-1809 / CVE-2025-67636 Missing permission check on password fields Medium SECURITY-783 / CVE-2025-67637 storage, CVE-2025-67638 masking Build authorization...

CVSS 7.5, AI score 7, EPSS 0.00215
Exploits: 0, References: 1
CVE
added 2025/08/14 12:0 a.m., 16 views

CVE-2024-53945

The CVE-2024-53945 entry concerns the KuWFi 4G AC900 LTE router (version 1.0.13). The vulnerability is a command injection in the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can inject shell metacharacters into parameters such as pincode and cmds to...

CVSS 8.8, AI score 8.4, EPSS 0.00503
Exploits: 0, References: 3
CNNVD
added 2023/03/29 12:0 a.m., 1 view

TP-LINK TL-WR841N Operating System Command Injection Vulnerability

The TP-LINK TL-WR841N is a wireless router from China P&L TP-LINK. The TP-LINK TL-WR841N suffers from an operating system command injection vulnerability that originates from failure to properly validate a user-supplied string before executing a system call with it...

CVSS 8, AI score 7, EPSS 0.00104
Exploits: 0, References: 2
ATTACKERKB
added 2022/07/12 10:15 a.m., 2 views

CVE-2022-29560

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions 2.15.1, RUGGEDCOM ROX MX5000RE All versions 2.15.1, RUGGEDCOM ROX RX1400 All versions 2.15.1, RUGGEDCOM ROX RX1500 All versions 2.15.1, RUGGEDCOM ROX RX1501 All versions 2.15.1, RUGGEDCOM ROX RX1510 All versions 2.15.1,...

CVSS 10, AI score 6.9, EPSS 0.00966
Exploits: 0, References: 2
VulnCheck KEV
added 2021/11/11 12:0 a.m., 1 view

VulnCheck KEV: CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

CVSS 9, AI score 7.5, EPSS 0.89527
Exploits: 3, References: 1
Positive Technologies
added 2020/09/08 12:0 a.m., 1 view

PT-2020-6514 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to the implementation of the WEB CmdFileList function in the D-Link DAP-2020 Wi-Fi access point's firmware, which fails to neutralize special elements used in operating syste...

CVSS 8.8, AI score 8.9, EPSS 0.05801
Exploits: 0, References: 5
OSV
added 2020/02/24 4:15 p.m., 2 views

CVE-2020-4222

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091...

CVSS 9.8, AI score 7.7, EPSS 0.28945
Exploits: 0, References: 3
CNVD
added 2019/05/23 12:0 a.m., 2 views

Computrols CBAS Web Command Injection Vulnerability

CBAS Web is a Web-based building management system BMS from Computrols. Computrols CBAS Web suffers from a command injection vulnerability. An attacker could exploit this vulnerability to execute commands directly on the operating system...

CVSS 9, AI score 7.9, EPSS 0.1613
Exploits: 4, References: 1
CNVD
added 2015/06/01 12:0 a.m., 4 views

AVM Fritz!Box Arbitrary Command Execution Vulnerability

AVM Fritz!Box is a router product from the German company AVM. The AVM Fritz!Box cgi-bin/webcm URI fails to adequately filter shell metacharacters in the 'var:lang' parameter, presenting an arbitrary command execution vulnerability that could be exploited by a remote attacker to submit a special...

CVSS 10, AI score 7.8, EPSS 0.87766
Exploits: 2, References: 1