Aggregator

CVE-2026-9437 | DTStack Taier 1.4.0 REST API Runtime.exec sqlText os command injection

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability has been found in DTStack Taier 1.4.0 and classified as critical. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. This vulnerability is uniquely identified as CVE-2026-9437. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-9436 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setL2tpServerCfg enable os command injection

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability, which was classified as critical, was found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. This vulnerability is handled as CVE-2026-9436. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-9435 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setQosCfg enable os command injection

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability, which was classified as critical, has been found in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. This vulnerability is known as CVE-2026-9435. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2026-9434 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setWiFiWpsCfg wscDisabled os command injection (EUVD-2026-31640)

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability classified as critical was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. This vulnerability is traded as CVE-2026-9434. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-9433 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setMacFilterRules enable os command injection (EUVD-2026-31641)

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability classified as critical has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. This vulnerability appears as CVE-2026-9433. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-9432 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setWiFiAdvancedCfg bgProtection os command injection (EUVD-2026-31637)

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability described as critical has been identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. This vulnerability is reported as CVE-2026-9432. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2026-9431 | Tenda F1202 1.2.0.20(408) /goform/PptpUserAdd fromPptpUserAdd opttype stack-based overflow (EUVD-2026-31639)

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability marked as critical has been reported in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-9431. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-9430 | Tenda F1202 1.2.0.20(408) /goform/GstDhcpSetSerof formGstDhcpSetSer dips stack-based overflow (EUVD-2026-31633)

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability labeled as critical has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-9430. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2026-9429 | Tenda F1202 1.2.0.20(408) /goform/WrlExtraSet formWrlExtraSet delno stack-based overflow (EUVD-2026-31634)

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability identified as critical has been detected in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-9429. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-9428 | Tenda F1202 1.2.0.20(408) /goform/PPTPUserSetting fromPPTPUserSetting delno stack-based overflow (EUVD-2026-31635)

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability categorized as critical has been discovered in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-9428. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

Managed ad