WangJincheng

CVE-2022-32092 WRITEUP CRITICAL WORKING POC

D-Link DIR-645 Firmware < 1.03 - OS Command Injection via QUERY_STRING Parameter

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.

CVSS 9.8

View Code

CVE-2022-37149 WRITEUP CRITICAL WRITEUP

WAVLINK WL-WN575A3 RPT75A3.V4300.201217 - OS Command Injection via Username Parameter

WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter.

CVSS 9.8

View Code