CVE: CVE-2021-35401 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by login.cgi, which is passed to popen, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes POST requests through HTML forms to interact with the cgi scripts....

CVE: CVE-2021-35403 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by touchlist_sync.cgi, which is passed to popen, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

CVE: CVE-2021-35404 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by applogin.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. Authentication is required to exploit this vulnerability. The router makes GET requests through HTML forms to interact with the cgi scripts....

CVE: CVE-2021-35406 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by applogin.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. Authentication is required to exploit this vulnerability. The router makes POST requests through HTML forms to interact with the cgi scripts....

CVE: CVE-2021-35406 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by qos.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes POST requests through HTML forms to interact with the cgi scripts....

CVE: CVE-2021-35407 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by mesh.cgi, which is passed to popen, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

CVE: CVE-2021-35409 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by nightled.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....