Vulnerabilities (CVE)

Filtered by CWE-78
Total 4275 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-21130 1 Netgear 4 Wac505, Wac505 Firmware, Wac510 and 1 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
CVE-2018-21127 1 Netgear 4 Wac505, Wac505 Firmware, Wac510 and 1 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
CVE-2018-21126 1 Netgear 4 Wac505, Wac505 Firmware, Wac510 and 1 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
CVE-2018-21110 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21109 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21108 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21107 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21106 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21105 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21104 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21103 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21101 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 8.0 HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21100 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 8.0 HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21099 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 8.0 HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21098 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-20969 1 Gnu 1 Patch 2024-11-21 9.3 HIGH 7.8 HIGH
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
CVE-2018-20841 1 Hootoo 2 Tripmate Titan Ht-tm05, Tripmate Titan Ht-tm05 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
CVE-2018-20727 1 Nedi 1 Nedi 2024-11-21 6.5 MEDIUM 8.8 HIGH
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.
CVE-2018-20434 1 Librenms 1 Librenms 2024-11-21 10.0 HIGH 9.8 CRITICAL
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
CVE-2018-20334 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.