CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10195 – Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection
https://notcve.org/view.php?id=CVE-2024-10195
20 Oct 2024 — A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. • https://asciinema.org/a/2mwkmDqRZfeAYTu5hHre1r4QB • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-6304 – Tecno 4G Portable WiFi TR118 Ping Tool goform_get_cmd_process os command injection
https://notcve.org/view.php?id=CVE-2023-6304
27 Nov 2023 — A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. • https://drive.google.com/file/d/1DUSlAxTbNLBdv1aLUAn-tDMu6Z1rHYH8/view • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •