CVE-2026-24689
🔴 HIGHAn OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input in...
Description
Request Expert ReviewAn OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.
CVSS Scores
References
Additional Information
- Source
- ics-cert@hq.dhs.gov
- State
- Undergoing analysis
Related CVEs
CVE-2026-3979
MEDIUMA flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation...
CVE-2026-3978
HIGHA vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipul...
CVE-2026-3977
MEDIUMA security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. Th...
CVE-2026-3976
HIGHA weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the co...
CVE-2026-3975
HIGHA security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterG...
CVE-2026-3974
HIGHA vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the...
Share CVE-2026-24689
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2026-24689 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!