A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device exec
A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized dat
An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parame
An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution.
Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' sect
Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The af
A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The att
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to
An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interfa
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can
A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attack
A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP po
Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were disc
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the un
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs bec
Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page.
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface f
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in comma
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed directly to system-l
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
Page 1+ Next →