Veeder-Root TLS4B Automatic Tank Gauge System

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Veeder-Root Equipment : TLS4B Automatic Tank Gauge System Vulnerabilities : Improper Neutralization of Special Elements used in a Command ('Command Injection'), Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute system-level commands, gain full shell access, achieve remote command execution, move laterally...

webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant?, (Wed, Oct 22nd)

Starting yesterday, some of our honeypots received POST requests to "/cgi-bin/webctrl.cgi", attempting to exploit an OS command injection vulnerability:

TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution

TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The vulnerabilities in question are listed below - CVE-2025-6541 (CVSS score: 8.6) - An operating system command injection vulnerability that could be exploited by an attacker who can log in to the web management

TP-Link warns of critical command injection flaw in Omada gateways

TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection.

CVE-2025-8078: ZYXEL Remote Code Execution via CLI Command Injection

submitted by /u/Advanced_Rough8330 [link] [comments]

CVE-2025-8078: ZYXEL Remote Code Execution via CLI Command Injection

https://rainpwn.blog/blog/cve-2025-8078/ submitted by /u/Advanced_Rough8330 [link] [comments]

How to Prevent Command Injection and SQL Injection Attacks over MCP

Hacking the Nokia Beacon 1 Router: UART, Command Injection, and Password Generation with Qiling

The Nokia Beacon 1 proved to be an interesting journey covering the full spectrum of techniques from hardware debug interfaces to firmware extraction and finally both static and dynamic analysis. I was rewarded with interesting findings including a (now-patched) command injection.