CVE-2025-44882 – Wavlink Firewall CGI Command Injection

May 20, 2025

CVE ID : CVE-2025-44882

Published : May 20, 2025, 9:15 p.m. | 2 hours, 18 minutes ago

Description : A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-44891 – “FW-WGS-804HPT Stack Overflow via Host IP Parameter”

Next Article CVE-2025-44896 – Fujitsu WGS-804HPT Stack Overflow Vulnerability

Highlights

CVE-2025-7028 – Apache Software SMI Handler Pointer Dereference Vulnerability

July 11, 2025

CVE ID : CVE-2025-7028

Published : July 11, 2025, 4:15 p.m. | 4 hours, 50 minutes ago

Description : A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions (ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo) that dereference both the structure and its nested members, such as BufAddr. This enables arbitrary read/write access to System Management RAM (SMRAM), allowing an attacker to corrupt firmware memory, exfiltrate SMRAM content via flash, or install persistent implants.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-44882 – Wavlink Firewall CGI Command Injection

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-4261 – GAIR-NLP Factool Code Injection Vulnerability

CVE-2025-52717 – LifterLMS SQL Injection

CVE-2025-3452 – SecuPress Free WordPress Security Plugin Unauthorized Plugin Installation Vulnerability

CVE-2025-48915 – Drupal COOKiES Consent Management Cross-Site Scripting (XSS)

CVE-2025-7028 – Apache Software SMI Handler Pointer Dereference Vulnerability

CVE-2025-27531 – Apache InLong Deserialization of Untrusted Data Remote File Read Vulnerability

New AI Tool Predicts Blood Sugar Without Tracking Your Personal Health Data

This is the handheld gaming PC accessory you need this Prime Day — it’s made my gameplay so much more convenient

CVE-2025-44882 – Wavlink Firewall CGI Command Injection

Related Posts