Vulnerabilities (CVE)

Filtered by CWE-77
Total 3414 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-57337 2026-06-17 N/A 6.5 MEDIUM
An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.
CVE-2024-57235 1 Netgear 2 Rax50, Rax50 Firmware 2026-06-17 N/A 9.8 CRITICAL
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
CVE-2024-57234 1 Netgear 2 Rax50, Rax50 Firmware 2026-06-17 N/A 9.8 CRITICAL
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVE-2024-57233 1 Netgear 2 Rax50, Rax50 Firmware 2026-06-17 N/A 9.8 CRITICAL
NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVE-2024-57232 1 Netgear 2 Rax50, Rax50 Firmware 2026-06-17 N/A 9.8 CRITICAL
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVE-2024-57231 1 Netgear 2 Rax50, Rax50 Firmware 2026-06-17 N/A 9.8 CRITICAL
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVE-2024-57230 1 Netgear 2 Rax50, Rax50 Firmware 2026-06-17 N/A 9.8 CRITICAL
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVE-2024-57229 1 Netgear 2 Rax50, Rax50 Firmware 2026-06-17 N/A 9.8 CRITICAL
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVE-2024-57228 1 Linksys 2 E7350, E7350 Firmware 2026-06-17 N/A 8.0 HIGH
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVE-2024-57227 1 Linksys 2 E7350, E7350 Firmware 2026-06-17 N/A 8.0 HIGH
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVE-2024-57226 1 Linksys 2 E7350, E7350 Firmware 2026-06-17 N/A 8.0 HIGH
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
CVE-2024-57225 1 Linksys 2 E7350, E7350 Firmware 2026-06-17 N/A 9.8 CRITICAL
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVE-2024-57224 1 Linksys 2 E7350, E7350 Firmware 2026-06-17 N/A 9.8 CRITICAL
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVE-2024-57223 1 Linksys 2 E7350, E7350 Firmware 2026-06-17 N/A 9.8 CRITICAL
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVE-2024-57222 1 Linksys 2 E7350, E7350 Firmware 2026-06-17 N/A 6.3 MEDIUM
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVE-2024-57214 1 Totolink 2 A6000r, A6000r Firmware 2026-06-17 N/A 6.3 MEDIUM
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVE-2024-57213 1 Totolink 2 A6000r, A6000r Firmware 2026-06-17 N/A 6.3 MEDIUM
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.
CVE-2024-57212 1 Totolink 2 A6000r, A6000r Firmware 2026-06-17 N/A 5.1 MEDIUM
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.
CVE-2024-57211 1 Totolink 2 A6000r, A6000r Firmware 2026-06-17 N/A 8.0 HIGH
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
CVE-2024-57036 1 Totolink 2 A810r, A810r Firmware 2026-06-17 N/A 8.1 HIGH
TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.