Total
2128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25768 | 1 Mrcms | 1 Mrcms | 2025-04-04 | N/A | 5.4 MEDIUM |
| MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | |||||
| CVE-2022-21191 | 1 Global-modules-path Project | 1 Global-modules-path | 2025-04-04 | N/A | 7.4 HIGH |
| Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. | |||||
| CVE-2024-34218 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-04 | N/A | 3.8 LOW |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. | |||||
| CVE-2024-53333 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-04-04 | N/A | 6.3 MEDIUM |
| TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. | |||||
| CVE-2024-32349 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | N/A | 6.0 MEDIUM |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary. | |||||
| CVE-2024-32353 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | |||||
| CVE-2024-32354 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | N/A | 6.0 MEDIUM |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | |||||
| CVE-2024-32355 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | N/A | 8.0 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function. | |||||
| CVE-2020-22662 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2025-04-03 | N/A | 7.5 HIGH |
| In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI. | |||||
| CVE-2025-29635 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution. | |||||
| CVE-2024-41316 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | |||||
| CVE-2024-41318 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | |||||
| CVE-2024-41320 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. | |||||
| CVE-2024-57211 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 8.0 HIGH |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function. | |||||
| CVE-2024-57212 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 5.1 MEDIUM |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function. | |||||
| CVE-2024-57213 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 6.3 MEDIUM |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function. | |||||
| CVE-2024-57214 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 6.3 MEDIUM |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | |||||
| CVE-2024-35397 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2024-35401 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 5.9 MEDIUM |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2025-1829 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||