This page aggregates publicly disclosed CVE and security risk information related to prolink2u, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-56498 | An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit this flaw by injecting arbitrary system commands, which are executed by the underlying operating system with root privileges. The router uses the Boa web server (version 0.93.15) to handle the request. S | [email protected] | 5.3 | 1.72% | 2025-09-03 | 2026-06-17 |
| CVE-2022-46637 | Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services. | [email protected] | 9.8 | 1.52% | 2023-02-21 | 2026-06-17 |