Summermu

25 exploits, active since May 2025
CVE-2025-44868 WRITEUP CRITICAL WORKING POC
Wavlink WL-WN530H4 20220801 - OS Command Injection via pingIp Parameter
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 9.8
CVE-2025-44839 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via CloudSrvUserdataVersionCheck magicid Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44840 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via CloudSrvUserdataVersionCheck svn Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44841 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via CloudSrvUserdataVersionCheck Version Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44842 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via msg_process Port Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44843 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via CloudSrvUserdataVersionCheck URL Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44844 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via setUpgradeFW FileName Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44845 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via NTPSyncWithHost hostTime Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44846 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via recvUpgradeNewFw fwUrl Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44847 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via setWebWlanIdx webWlanIdx Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44848 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via msg_process Url Parameter
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44854 WRITEUP MEDIUM WORKING POC
TOTOLINK CP900 V6.3c.1144_B20190715 - OS Command Injection via setUpgradeUboot FileName Parameter
TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44860 WRITEUP MEDIUM WORKING POC
TOTOLINK CA300-POE V6.2c.884_B20180522 - OS Command Injection via msg_process Port Parameter
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44861 WRITEUP MEDIUM WORKING POC
TOTOLINK CA300-POE V6.2c.884_B20180522 - OS Command Injection via CloudSrvUserdataVersionCheck URL Parameter
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44862 WRITEUP MEDIUM WORKING POC
TOTOLINK CA300-POE V6.2c.884_B20180522 - OS Command Injection via recvUpgradeNewFw fwUrl Parameter
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44863 WRITEUP MEDIUM WORKING POC
TOTOLINK CA300-POE V6.2c.884_B20180522 - OS Command Injection via msg_process Url Parameter
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44864 WRITEUP MEDIUM WORKING POC
Tenda W20E V15.11.0.6 - OS Command Injection via formSetDebugCfg Module Parameter
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44865 WRITEUP MEDIUM WORKING POC
Tenda W20E V15.11.0.6 - OS Command Injection via formSetDebugCfg enable Parameter
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44866 WRITEUP MEDIUM WORKING POC
Tenda W20E V15.11.0.6 - OS Command Injection via formSetDebugCfg level Parameter
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44867 WRITEUP MEDIUM WORKING POC
Tenda W20E V15.11.0.6 - OS Command Injection via formSetNetCheckTools hostName Parameter
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44872 WRITEUP CRITICAL WORKING POC
Tenda AC9 V15.03.06.42_multi - OS Command Injection via formsetUsbUnload deviceName Parameter
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 9.8
CVE-2025-44877 WRITEUP CRITICAL WORKING POC
Tenda AC9 V15.03.06.42_multi - OS Command Injection via formSetSambaConf usbname Parameter
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 9.8
CVE-2025-50755 WRITEUP MEDIUM WORKING POC
Wavlink WN535K3 - Command Injection
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_cmd function via the command parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-50756 WRITEUP CRITICAL WORKING POC
Wavlink WN535K3 - Command Injection
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 9.8
CVE-2025-50757 WRITEUP MEDIUM WORKING POC
Wavlink WN535K3 - Command Injection
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5