Total
4684 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35194 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`. | |||||
| CVE-2023-35193 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8. | |||||
| CVE-2023-34356 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-28528 | 1 Ibm | 2 Aix, Vios | 2025-11-04 | N/A | 8.4 HIGH |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | |||||
| CVE-2023-28381 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-25583 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration. | |||||
| CVE-2023-25582 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration. | |||||
| CVE-2023-24582 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a TCP packet. | |||||
| CVE-2023-24520 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility. | |||||
| CVE-2023-24519 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility. | |||||
| CVE-2022-42493 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_INFO command. | |||||
| CVE-2022-42492 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_AD command. | |||||
| CVE-2022-42491 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's M2M_CONFIG_SET command | |||||
| CVE-2022-42490 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command | |||||
| CVE-2024-31705 | 2025-11-04 | N/A | 9.8 CRITICAL | ||
| An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. | |||||
| CVE-2023-47618 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-47617 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-47209 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-46683 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-43482 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||