Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (5 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2021-35402 1 Prolink 1 Prc2402m 2026-02-23 10 Critical
PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).
CVE-2021-36708 1 Prolink 2 Prc2402m, Prc2402m Firmware 2024-11-21 7.5 High
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.
CVE-2021-36707 1 Prolink 2 Prc2402m, Prc2402m Firmware 2024-11-21 9.8 Critical
In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.
CVE-2021-36706 1 Prolink 2 Prc2402m, Prc2402m Firmware 2024-11-21 9.8 Critical
In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system.
CVE-2021-36705 1 Prolink 2 Prc2402m, Prc2402m Firmware 2024-11-21 9.8 Critical
In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.