16812 matches found

ATTACKERKB
added 2025/12/30 5:32 p.m., 4 views

CVE-2025-15258

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...

CVSS 6.1 | AI score 5 | EPSS 0.00221
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2025/12/30 5:32 p.m., 4 views

CVE-2025-15258 Edimax BR-6208AC Web-based Configuration formALGSetup redirect

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...

CVSS 5.1 | AI score 4.6 | EPSS 0.00221
Exploits 1 | References 4

OSV
added 2025/12/30 5:15 p.m., 2 views

CVE-2025-15257

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

CVSS 9.8 | AI score 5.6 | EPSS 0.04442
Exploits 1 | References 4

ATTACKERKB
added 2025/12/30 5:2 p.m., 4 views

CVE-2025-15257

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

CVSS 9.8 | AI score 5.3 | EPSS 0.04442
Exploits 1 | References 4 | Affected Software 1

CVE
added 2025/12/30 5:2 p.m., 10 views

CVE-2025-15257

Edimax BR-6208AC (versions 1.02–1.03) Web-based Configuration Interface has a command-injection flaw in the formRoute function located at /gogorm/formRoute. Manipulating the strIp, strMask, or strGateway parameters enables remote code execution. The exploit is publicly available. Edimax states th...

CVSS 9.8 | AI score 7.2 | EPSS 0.04442
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2025/12/30 4:32 p.m., 4 views

CVE-2025-15256 Edimax BR-6208AC Web-based Configuration formStaDrvSetup command injection

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack i...

CVSS 7.5 | AI score 6.6 | EPSS 0.03287
Exploits 1 | References 4

CNNVD
added 2025/12/30 12:0 a.m., 2 views

Edimax BR-6208AC command injection vulnerability

The Edimax BR-6208AC is a wireless router from Taiwan, China-based Xunzhou Edimax Corporation. A command injection vulnerability exists in Edimax BR-6208AC versions 1.02 and 1.03, which originates from incorrect manipulation of the file /gogorm/formRoute parameter strIp/strMask/strGateway in the...

CVSS 9.8 | AI score 7.8 | EPSS 0.04442
Exploits 1 | References 4

CNNVD
added 2025/12/30 12:0 a.m., 2 views

Edimax BR-6208AC security vulnerability

The Edimax BR-6208AC is a wireless router from Taiwan, China-based Xunzhou Edimax Corporation. A security vulnerability exists in the Edimax BR-6208AC versions 1.02 and 1.03, which originates from an incorrect operation of the rootAPmac parameter of the file /goform/formStaDrvSetup in the componen...

CVSS 9.8 | AI score 7.1 | EPSS 0.03287
Exploits 1 | References 4

Positive Technologies
added 2025/12/30 12:0 a.m., 5 views

PT-2025-54198

Name of the Vulnerable Software and Affected Versions: Edimax BR-6208AC versions 1.02 through 1.03. Description: A security flaw exists in the Web-based Configuration Interface component of Edimax BR-6208AC. The formRoute function within the /gogorm/formRoute file is susceptible to command injection...

CVSS 7.5 | AI score 7.6 | EPSS 0.04442
Exploits 1 | References 7

NVD
added 2025/12/26 4:15 p.m., 3 views

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints...

CVSS 6.5 | EPSS 0.00154
Exploits 1 | References 2

Cvelist
added 2025/12/26 12:0 a.m., 19 views

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints...

EPSS 0.00154
Exploits 1 | References 2

EUVD
added 2025/12/26 12:0 a.m., 2 views

EUVD-2025-205447

The web management interface in ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints...

CVSS 6.5 | AI score 6.4 | EPSS 0.00154
Exploits 1 | References 3

CVE
added 2025/12/26 12:0 a.m., 9 views

CVE-2025-67013

The CVE-2025-67013 entry concerns ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8. The web management interface does not implement CSRF protections (no tokens, no Origin/Referer validation) on critical configuration endpoints, per Red Hat and NVD entries. Affected component:...

CVSS 6.5 | AI score 6.6 | EPSS 0.00154
Exploits 1 | References 2 | Affected Software 1

EUVD
added 2025/12/25 6:30 p.m., 3 views

EUVD-2025-205382

A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/procpost of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The...

CVSS 6.9 | AI score 5.9 | EPSS 0.00641
Exploits 1 | References 6

CNNVD
added 2025/12/25 12:0 a.m., 4 views

TOZED ZLT M30S access control error vulnerability

TOZED ZLT M30S is a mobile WiFi router from China's Tongze Kangwei TOZED. An access control error vulnerability exists in TOZED ZLT M30S version 1.47 and earlier, which stems from incorrect manipulation of the parameter goformId in the Web Management Interface component file /reqproc/procpost,...

CVSS 7.5 | AI score 5.2 | EPSS 0.00641
Exploits 1 | References 6

CVE
added 2025/12/24 7:27 p.m., 10 views

CVE-2019-25242

The CVE covers FaceSentry Access Control System version 6.4.8, where a cross-site request forgery (CSRF) vulnerability enables an attacker to perform administrative actions without user consent by persuading an authenticated user to load a crafted page. The vulnerability targets the web interface...

CVSS 5.1 | AI score 6.3 | EPSS 0.002
Exploits 2 | References 3 | Affected Software 1

Cvelist
added 2025/12/24 7:27 p.m., 27 views

CVE-2019-25242 FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery via Web Interface

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...

CVSS 5.1 | EPSS 0.002
Exploits 2 | References 3

Vulnrichment
added 2025/12/24 7:27 p.m., 5 views

CVE-2019-25242 FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery via Web Interface

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...

CVSS 5.1 | AI score 5.8 | EPSS 0.002
Exploits 2 | References 3

Vulnrichment
added 2025/12/24 7:27 p.m., 3 views

CVE-2018-25149 Microhard Systems IPn4G 1.1.0 Cross-Site Request Forgery via Web Interface

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVSS 6.5 | AI score 5.8 | EPSS 0.00194
Exploits 2 | References 3

Japan Vulnerability Notes
added 2025/12/24 2:10 a.m., 4 views

Media Player MP-01 vulnerable to Missing Authentication for Critical Function

Overview: NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability. Missing Authentication for Critical Function (CWE-306) - CVE-2025-12049. Souvik Kandar of MicroSec (microsec.io) discovered and reported the vulnerability to the developer and...

CVSS 9.8 | AI score 6.7 | EPSS 0.00286
Exploits 0 | References 4