Total
3141 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1419 | 1 Dlink | 2 Dcs-700l, Dcs-700l Firmware | 2026-04-29 | 5.8 MEDIUM | 4.7 MEDIUM |
| A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2025-9149 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-1412 | 1 Sangfor | 1 Operation And Maintenance Security Management System | 2026-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-4210 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-326 and 37 more | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function cgi_tm_set_share of the file /cgi-bin/time_machine.cgi. The manipulation of the argument Name results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-3661 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-04-29 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-13442 | 1 Utt | 2 750w, 750w Firmware | 2026-04-29 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11096 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2026-4228 | 1 Lb-link | 2 Bl-wr9000, Bl-wr9000 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7952 | 1 Totolink | 2 T6, T6 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8830 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15081 | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14225 | 1 Dlink | 2 Dcs-930l, Dcs-930l Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-7203 | 2026-04-28 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-7154 | 2026-04-28 | 10.0 HIGH | 9.8 CRITICAL | ||
| A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty_server can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-7156 | 2026-04-28 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2026-7202 | 2026-04-28 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-7204 | 2026-04-28 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-7155 | 2026-04-28 | 10.0 HIGH | 9.8 CRITICAL | ||
| A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-7241 | 2026-04-28 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-7243 | 2026-04-28 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||