OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the firewallType parameter sent to /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the SSVC framework rates the technical impact as total with automatable exploitation, though it is not currently listed in CISA KEV. EPSS sits at 0.89% (76th percentile), suggesting moderate but not yet widespread opportunistic exploitation.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the 'enable' parameter of the setRemoteCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, raising the practical risk despite the device not being listed in CISA KEV; EPSS sits at 0.89% (76th percentile), reflecting moderate predicted exploitation likelihood.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'enable' parameter passed to the setGameSpeedCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, raising the practical threat despite a modest EPSS score of 0.89% (76th percentile). No active exploitation has been confirmed via CISA KEV at time of analysis.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary shell commands by manipulating the 'provider' argument passed to the setDdnsCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (CVSS 4.0 base 8.9, EPSS 0.89%), and no CISA KEV listing has been issued, but the combination of zero-privilege network exploitation and a working PoC against consumer/SOHO networking gear makes this a high-priority issue for any exposed device.
OS command injection in the TOTOLINK A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'mode' parameter sent to the setScheduleCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (published via VulDB and a GitHub PoC), though there is no public exploit identified as actively exploited in the wild and EPSS probability is modest at 0.89%. The flaw resides in the device's Web Management Interface and can be triggered over the network without user interaction, making any internet-exposed device immediately at risk.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the resetFlags parameter handled by the setUpgradeFW function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the SSVC framework classifies exploitation as automatable with total technical impact, though EPSS remains modest at 0.89% (76th percentile).
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands through the setLanguageCfg function in /cgi-bin/cstecgi.cgi. The flaw is triggered by manipulating the lang argument in the Web Management Interface, with publicly available exploit code existing and SSVC classifying the issue as automatable with total technical impact. EPSS sits at 0.89% (76th percentile), indicating moderate but non-trivial exploitation probability.
Remote OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'command' argument in the setTracerouteCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the CVSS 4.0 vector confirms network-reachable, low-complexity exploitation without authentication or user interaction, though EPSS remains modest at 0.89% (76th percentile) and the issue is not listed in CISA KEV.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the ip parameter handled by the setDiagnosisCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the CVSS 4.0 score of 8.9 reflects high impact across confidentiality, integrity, and availability. EPSS is moderate at 0.89% (76th percentile), and the vulnerability is not currently listed in CISA KEV.
Buffer overflow in the Tenda F456 router (firmware 1.0.0.5) allows remote attackers with low privileges to corrupt memory via the page parameter handled by the frmL7ImForm function exposed at /goform/L7Im. Publicly available exploit code exists, though EPSS rates near-term exploitation probability at only 0.05% (14th percentile) and the issue is not listed in CISA KEV.
Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code via crafted POST requests to the wireless table management interface. The vulnerability affects the formWirelessTbl function when processing the submit-url parameter, with publicly available exploit code on GitHub demonstrating the attack method.
Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attackers to execute arbitrary code by sending malformed parameters to the device configuration interface. The vulnerability affects the formWizSurvey function in /goform/formWizSurvey when processing ssid, manualssid, ip, mask, or gateway parameters, with publicly available exploit code existing on GitHub.
Stack/heap buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows authenticated remote attackers to corrupt memory by sending a crafted POST request with an oversized selSSID parameter to /goform/formWlSiteSurvey, potentially achieving code execution on the device. Publicly available exploit code exists (disclosed by VulDB), and the vendor was contacted early but did not respond, leaving the device without an official fix. EPSS probability is low (0.04%, 13th percentile) and the issue is not listed in CISA KEV.
Buffer overflow in the Edimax BR-6675nD 1.12 wireless router's web management interface allows remote attackers with low-level credentials to corrupt memory via a crafted pppUserName parameter sent to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists (disclosed via VulDB and a Notion writeup), and SSVC rates the technical impact as total, though EPSS remains very low at 0.04%. The vendor did not respond to coordinated disclosure, leaving affected devices without a confirmed fix.
Stack buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows remote authenticated attackers to corrupt memory and achieve total compromise via a crafted pppUserName parameter sent to /goform/formsetPPPoE. Publicly available exploit code exists and the vendor did not respond to the disclosure, leaving deployed devices exposed without an official fix. EPSS exploitation probability is low (0.04%) despite the public POC, but SSVC rates technical impact as total.
Buffer overflow in the H3C Magic B0 router (firmware up to 100R002) allows authenticated remote attackers to corrupt memory via the param argument handled by the Edit_BasicSSID_5G function in /goform/aspForm, leading to high impact on confidentiality, integrity, and availability. Publicly available exploit code exists per VulDB, though EPSS remains very low (0.04%, 13th percentile) and the issue is not listed in CISA KEV, indicating no public exploit identified as actively used at time of analysis. The vendor was contacted but did not respond, increasing risk of an unpatched window for exposed devices.
Stack buffer overflow in the Edimax BR-6675nD 1.12 router's PPTP setup handler allows remote authenticated attackers to corrupt memory and potentially execute arbitrary code via an oversized pptpUserName POST parameter to /goform/formPPTPSetup. Publicly available exploit code exists (SSVC: PoC), though EPSS estimates exploitation probability at only 0.04% (13th percentile), reflecting the niche, end-of-life nature of the device. The vendor was notified prior to disclosure but did not respond, leaving affected units without an official fix.
Buffer overflow in the Edimax BR-6675nD 1.12 wireless router allows remote attackers to corrupt memory by sending a malicious pppUserName parameter to the /goform/formPPPoESetup endpoint. Publicly available exploit code exists, raising the risk of opportunistic targeting despite a low EPSS score of 0.04%, and the vendor has not responded to coordinated disclosure attempts.
Stack/heap buffer overflow in Edimax BR-6675nD 1.12 routers allows authenticated remote attackers to corrupt memory via an oversized L2TPUserName parameter sent to the /goform/formL2TPSetup endpoint, with publicly available exploit code exists. The vendor was notified early but has not responded, and no patch has been released, leaving deployed devices exposed. EPSS probability is low (0.04%, 13th percentile) but the combination of public POC, network reachability, and total technical impact (per SSVC) makes this a credible threat against unpatched edge devices.
Buffer overflow in Edimax EW-7438RPn Wi-Fi range extender firmware 1.28a enables authenticated remote attackers to execute arbitrary code via malformed POST requests to the wireless encryption configuration endpoint. The vulnerability requires low-privilege authentication and has publicly available exploit code. No vendor response or patch has been provided despite early disclosure attempts.
Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code by sending malicious input to the /goform/mp endpoint in the web server component. Public exploit code exists on GitHub, though the vulnerability is not listed in CISA KEV. The vendor failed to respond to responsible disclosure attempts, leaving devices unpatched.
Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 allows authenticated remote attackers to crash or execute code on the device by sending malicious input to the WPS configuration interface. The vulnerability occurs when processing the pinCode or wlan-url parameters in /goform/formWpsStart, with publicly available exploit code on GitHub demonstrating the attack.
Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands through the unsanitized reference field. The GitHubRepository block concatenates user input directly into git clone commands, enabling attackers to inject malicious options that can lead to SSRF, credential theft, or remote code execution. While no active exploitation is confirmed, the straightforward attack vector and high impact make this a priority for organizations using Prefect's GitHub integration features.
Improper authorization in the OTA Update Installation Handler of Besen BS20 EV Charging Station versions up to 20260426 allows remote attackers to install spoofed firmware updates on affected charging stations. The flaw is network-reachable with no authentication required, but exploitation carries high attack complexity (CVSS 4.0 8.2), and publicly available exploit code exists via the original researcher disclosure on GitHub. EPSS rates exploitation probability at only 0.04% (12th percentile), and CISA SSVC flags exploitation status as 'none' despite the public proof-of-concept.
Remote code execution in HuggingFace Transformers prior to 5.3.0 allows attackers to achieve arbitrary code execution on a victim's machine by publishing a malicious model whose config.json sets the `_attn_implementation_internal` field to an attacker-controlled Hub repository. When the victim calls the standard `AutoModelForCausalLM.from_pretrained()` API, the library silently downloads and executes Python kernels from that repository with the victim's privileges, bypassing the `trust_remote_code` safety gate. No public exploit is identified at time of analysis (EPSS 0.03%, SSVC exploitation: none), but the technical impact is total and the attack uses the documented, default usage pattern.
Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).