Total
4275 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-21130 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
CVE-2018-21127 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
CVE-2018-21126 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
CVE-2018-21110 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21109 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21108 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21107 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21106 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21105 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21104 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21103 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21101 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21100 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21099 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-21098 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2018-20969 | 1 Gnu | 1 Patch | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. | |||||
CVE-2018-20841 | 1 Hootoo | 2 Tripmate Titan Ht-tm05, Tripmate Titan Ht-tm05 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request. | |||||
CVE-2018-20727 | 1 Nedi | 1 Nedi | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php. | |||||
CVE-2018-20434 | 1 Librenms | 1 Librenms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling. | |||||
CVE-2018-20334 | 1 Asus | 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. |