OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'enable' argument passed to the setL2tpServerCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (published on GitHub), though EPSS probability remains modest at 0.94% (76th percentile), and the issue is not currently listed in CISA KEV.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the 'enable' parameter of the setParentalRules function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and while the EPSS score of 0.89% (76th percentile) suggests moderate predicted exploitation likelihood, the network-accessible attack surface on an edge device elevates real-world risk significantly.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'mac' parameter sent to the setAccessDeviceCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and SSVC rates the technical impact as total with automatable exploitation, though EPSS remains modest at 0.89% (76th percentile). No CISA KEV listing has been published at time of analysis.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the admpass parameter sent to the setPasswordCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists and the flaw is reachable over the network without user interaction, though no public exploit identified at time of analysis indicates active in-the-wild abuse via CISA KEV.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attackers to execute arbitrary operating system commands via the Comment parameter handled by the setIpQosRules function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists and the SSVC framework rates the technical impact as total with automatable exploitation, though no public exploit identified at time of analysis as actively exploited in the CISA KEV catalog. EPSS sits at 0.89% (76th percentile), suggesting moderate but non-trivial exploitation interest.
Remote OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated attackers to execute arbitrary operating system commands through the setWanCfg function in /cgi-bin/cstecgi.cgi by manipulating the 'enabled' parameter. Publicly available exploit code exists, and with CVSS 4.0 score of 8.9 (network-reachable, low complexity, no privileges required), exposed devices face high risk despite an EPSS score of 0.89% (76th percentile) indicating moderate near-term exploitation probability.
OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the FileName argument in the UploadFirmwareFile function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists per VulDB reporting, and SSVC rates this as automatable with total technical impact, though EPSS remains modest at 0.89% (76th percentile) indicating no broad mass-exploitation campaign yet observed.
Remote OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated attackers to execute arbitrary commands via the setOpenVpnCfg function in /cgi-bin/cstecgi.cgi by manipulating the 'enabled' argument. Publicly available exploit code exists, raising the risk of opportunistic attacks against exposed devices, though EPSS scoring (0.89%, 76th percentile) suggests moderate but not yet widespread exploitation. The flaw stems from improper neutralization of OS command elements (CWE-78) in the router's Web Management Interface.
OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the FileName parameter in the UploadOpenVpnCert function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists per VulDB disclosure, and SSVC scoring indicates the flaw is automatable with total technical impact, though EPSS remains modest at 0.89% (76th percentile). The vulnerability is no public exploit identified in CISA KEV, but POC availability combined with network-reachable management interface elevates real-world risk.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary commands via the servername parameter of the setOpenVpnCertGenerationCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (GitHub PoC), and although the EPSS score is modest (0.89%, 76th percentile), the CVSS 4.0 score of 8.9 reflects network-reachable, no-privilege, no-interaction exploitation with high confidentiality, integrity, and availability impact. No CISA KEV listing has been recorded at the time of analysis.
OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'enable' parameter sent to the setQosCfg function of /cgi-bin/cstecgi.cgi in the Web Management Interface. Publicly available exploit code exists per VulDB submission, and the SSVC framework rates technical impact as total with automatable exploitation, though EPSS probability remains modest at 0.89%.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attackers to execute arbitrary operating system commands by manipulating the wscDisabled parameter sent to the setWiFiWpsCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists per VulDB disclosure, though EPSS probability remains modest at 0.89% (76th percentile) and the vulnerability is not listed in CISA KEV.
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'enable' argument passed to the setMacFilterRules function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists per VulDB, and SSVC categorizes the technical impact as total with automatable exploitation, though EPSS remains modest at 0.89% (76th percentile).
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the bgProtection parameter in the setWiFiAdvancedCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists per VulDB, and SSVC classifies the issue as automatable with total technical impact, though EPSS exploitation probability remains modest at 0.89% (76th percentile).
OS command injection in the TOTOLINK A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'enable' parameter passed to the setStaticDhcpRules function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists and SSVC rates this as automatable with total technical impact, though EPSS remains modest at 0.89% (76th percentile). Exploitation requires no authentication or user interaction, making any internet-exposed management interface a high-priority target.
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the opttype parameter in the fromPptpUserAdd function at /goform/PptpUserAdd, enabling potential arbitrary code execution with total impact on confidentiality, integrity, and availability. Publicly available exploit code exists (VulDB-referenced PoC on GitHub), though EPSS rates exploitation probability low at 0.05% and the issue is not on CISA KEV.
Stack-based buffer overflow in the Tenda F1202 router (firmware 1.2.0.20(408)) allows remote attackers to corrupt memory by sending a crafted 'dips' parameter to the formGstDhcpSetSer handler at /goform/GstDhcpSetSer. Publicly available exploit code exists (published via VulDB/GitHub), though EPSS rates real-world exploitation probability very low at 0.05%, and the issue is not listed in CISA KEV.
Stack-based buffer overflow in the Tenda F1202 router (firmware 1.2.0.20(408)) allows remote attackers to corrupt memory by sending a crafted 'delno' parameter to the /goform/WrlExtraSet endpoint handled by the formWrlExtraSet function. Publicly available exploit code exists, though EPSS predicts only a 0.05% exploitation probability (14th percentile), and SSVC classifies the technical impact as total despite the attack not being automatable.
Stack-based buffer overflow in the Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the delno parameter of the /goform/PPTPUserSetting endpoint handled by fromPPTPUserSetting. Publicly available exploit code exists per VulDB disclosure, though EPSS rates the exploitation probability at only 0.05% (14th percentile) and no public exploit identified at time of analysis appears in CISA KEV. Successful exploitation can compromise confidentiality, integrity, and availability of the device.
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privilege credentials to corrupt memory via a crafted submit-url parameter sent to the formSDHCP handler at /goform/formSDHCP. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), but EPSS is only 0.04% and the vendor has not responded to coordinated disclosure, leaving the device unpatched.
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated attackers to corrupt memory by submitting an oversized 'submit-url' argument to the formStats handler at /goform/formStats. Publicly available exploit code exists (VulDB-published PoC on GitHub), though EPSS estimates exploitation probability at only 0.04%. The vendor was notified but has not responded, leaving deployed devices without an official fix.
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileges to corrupt memory via the submit-url parameter handled by the formrefresh function at /goform/formrefresh. Publicly available exploit code exists per VulDB, though EPSS scoring (0.04%) suggests limited mass exploitation activity, and the vendor has not responded to the disclosure, leaving devices without an official fix.
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote attackers to corrupt memory via the submit-url parameter of the formLogout handler at /goform/formLogout. Publicly available exploit code exists per VulDB disclosure, and the vendor failed to respond to coordinated disclosure, leaving the device unpatched. EPSS probability is currently very low (0.04%, 13th percentile), but the device class - consumer SOHO networking gear - is a recurring target for botnet recruitment.
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrupt memory by submitting an oversized submit-url parameter to the formLicence handler at /goform/formLicence. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, leaving deployed devices without a fix. EPSS exploitation probability remains low (0.04%, 13th percentile) despite the public POC, indicating limited but credible risk for exposed devices.
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attackers to compromise the device by supplying an oversized submit-url argument to the /goform/formWpsProxyEnable web management endpoint. Exploitation achieves full confidentiality, integrity, and availability impact on the device per CVSS VC:H/VI:H/VA:H, and a public proof-of-concept is available on GitHub. No vendor patch exists - Edimax did not respond to coordinated disclosure - though EPSS remains low at 0.04% (13th percentile) and the vulnerability is not listed in CISA KEV, suggesting limited observed exploitation despite the available POC.
Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated attackers to corrupt memory by sending an oversized submit-url parameter to the formRadius handler at /goform/formRadius. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure attempts, leaving the device without a confirmed fix. EPSS probability is currently low (0.04%), but the combination of a public PoC, total technical impact, and unpatched status warrants urgent attention for any deployed units.
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt memory by sending a crafted submit-url parameter to the formAccept handler at /goform/formAccept. Publicly available exploit code exists (VulDB-disclosed, with a PoC published on GitHub), but EPSS rates real-world exploitation probability at only 0.04% (13th percentile) and the vendor has not responded to disclosure, leaving the device permanently exposed.
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privileges to corrupt memory by sending crafted max_Conn or timeOut parameters to /goform/formConnectionSetting. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving deployed devices unpatched. EPSS probability is low (0.04%), but the combination of public POC, network reachability, and full CIA impact warrants prompt action on exposed devices.
Remote buffer overflow in the Edimax BR-6478AC router (firmware 1.23) allows authenticated attackers to corrupt memory by submitting a crafted L2TPUserName parameter to the /goform/formL2TPSetup endpoint. Publicly available exploit code exists (VulDB-published POC on Notion), and SSVC rates technical impact as total despite a low 0.04% EPSS score. The vendor was contacted but has not responded, leaving the device without an official fix.
Stack/buffer overflow in the Edimax BR-6478AC 1.23 wireless router's web management interface allows authenticated remote attackers to corrupt memory by submitting an oversized selSSID parameter to /goform/formiNICSiteSurvey, with publicly available exploit code exists and no vendor response to coordinated disclosure. The flaw affects the formiNICSiteSurvey POST request handler and yields high impact on confidentiality, integrity, and availability of the device. EPSS is low (0.04%, 13th percentile), indicating limited mass-scanning activity despite the published exploit.
Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to corrupt memory by manipulating the selSSID or submit-url parameters in the formWlSiteSurvey handler (/goform/formWlSiteSurvey) of the embedded web server. Publicly available exploit code exists and the vendor did not respond to disclosure attempts, leaving the device without a confirmed patch. EPSS rates exploitation probability low at 0.04%, but the combination of public PoC and unresponsive vendor makes exposed devices a concrete risk.
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privileges to corrupt memory and likely achieve code execution by manipulating multiple parameters (Anntena, Mcs, regDomain, nic0Addr/nic1Addr/wlanAddr/wanAddr, wlanSSID, wlanChan, initgain, txcck, txofdm, submit-url) sent to the formHwSet handler at /goform/formHwSet. Publicly available exploit code exists on GitHub, but EPSS rates real-world exploitation probability at only 0.04% (13th percentile) and the issue is not in CISA KEV. The vendor was contacted by the researcher but never responded, leaving the device unpatched.
Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender's formWlanMP handler (/goform/formWlanMP) allows remote authenticated attackers to corrupt memory and potentially achieve arbitrary code execution on the device. Publicly available exploit code exists, but EPSS remains low at 0.04% and there is no CISA KEV listing, indicating no confirmed widespread active exploitation. The vendor was contacted but did not respond, leaving the issue unpatched.
Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.