CVE-2025-60682
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, s
CVSS
6.5
Medio
EPSS
1.5%
p71
KEV
—
Exploit Today
21
0-100
Publicado: 13 nov 2025 · Última mod.: 5 jul 2026 · CWE-77
1.3%EPSS · 30 días1.6%
2026-06-302026-07-16
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2023-349609.8 CRÍ99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.8dCVE-2023-376799.8 CRÍ99.9%
——30A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.8dCVE-2026-80379.6 CRÍ98.6%
——30OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints4dCVE-2022-457018.8 ALT98.5%
——30Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.8dCVE-2023-337828.8 ALT98.3%
——30D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.8d