A vulnerability was found in hcr707305003 shiroiAdmin 1.1/1.3 and classified as critical. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload.
The identification of this vulnerability is CVE-2026-15488. The attack may be launched remotely. Furthermore, there is an exploit available.
It is suggested to upgrade the affected component.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03 and classified as critical. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability was named CVE-2026-15487. The attack may be initiated remotely. There is no available exploit.
The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. "
A vulnerability, which was classified as critical, was found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub_42026C of the file /goform/tools_ddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is uniquely identified as CVE-2026-15486. The attack can be launched remotely. No exploit exists.
The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. "
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub_43F2C4 of the file /goform/tools_nslookup of the component DNS Lookup Handler. This manipulation of the argument nslookup_target/dns_server causes os command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is handled as CVE-2026-15485. The attack can be initiated remotely. There is not any exploit available.
The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. "
A vulnerability classified as critical was found in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is known as CVE-2026-15484. It is possible to launch the attack remotely. No exploit is available.
The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. "
A vulnerability classified as critical has been found in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argument nslookup_target leads to buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is traded as CVE-2026-15483. It is possible to initiate the attack remotely. There is no exploit available.
The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. "
A vulnerability described as critical has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao_loja/sis.php?t=consultar of the component HTTP Handler. Executing a manipulation of the argument nome/perfil/status can lead to sql injection.
This vulnerability appears as CVE-2026-15482. The attack may be performed from remote. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability marked as critical has been reported in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa_ipaddr results in command injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is reported as CVE-2026-15481. The attack is possible to be carried out remotely. Moreover, an exploit is present.
The vendor explains: "We are unable to confirm if the vulnerability exists. This item has been EOL since 2011. We will make an official announcement of possible vulnerabilities, and recommend users to switch devices."