Total
2858 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32664 | 1 Mediatek | 7 En7516, En7528, En7529 and 4 more | 2025-04-10 | N/A | 8.8 HIGH |
| In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929. | |||||
| CVE-2024-51304 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. | |||||
| CVE-2024-51257 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. | |||||
| CVE-2024-51296 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. | |||||
| CVE-2024-51299 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. | |||||
| CVE-2024-51300 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. | |||||
| CVE-2024-51301 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. | |||||
| CVE-2024-51258 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. | |||||
| CVE-2024-51254 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. | |||||
| CVE-2024-51259 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. | |||||
| CVE-2024-51255 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. | |||||
| CVE-2024-51260 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. | |||||
| CVE-2024-48153 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | |||||
| CVE-2024-30891 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. | |||||
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | |||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | N/A | 7.4 HIGH |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | |||||
| CVE-2025-25632 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. | |||||
| CVE-2025-22912 | 1 Edimax | 2 Re11s, Re11s Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. | |||||
| CVE-2025-22949 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. | |||||
| CVE-2024-32282 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-09 | N/A | 6.3 MEDIUM |
| Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | |||||