Total
4255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0164 | 1 Orangescrum | 1 Orangescrum | 2025-04-03 | N/A | 8.8 HIGH |
| OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function. | |||||
| CVE-2020-25223 | 1 Sophos | 1 Unified Threat Management | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | |||||
| CVE-2019-19356 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2025-04-03 | 8.5 HIGH | 7.5 HIGH |
| Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. | |||||
| CVE-2019-17621 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | |||||
| CVE-2019-16920 | 1 Dlink | 20 Dap-1533, Dap-1533 Firmware, Dhp-1565 and 17 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. | |||||
| CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-04-03 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | |||||
| CVE-2021-45382 | 1 Dlink | 12 Dir-810l, Dir-810l Firmware, Dir-820l and 9 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched. | |||||
| CVE-2020-7247 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. | |||||
| CVE-2022-46476 | 1 Dlink | 2 Dir-859 A1, Dir-859 A1 Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | |||||
| CVE-2022-48125 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. | |||||
| CVE-2022-48124 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. | |||||
| CVE-2022-48123 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. | |||||
| CVE-2022-48122 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. | |||||
| CVE-2022-48121 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | |||||
| CVE-2024-41314 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 6.8 MEDIUM |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | |||||
| CVE-2024-41315 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 6.8 MEDIUM |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | |||||
| CVE-2024-41317 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 8.0 HIGH |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | |||||
| CVE-2024-37626 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. | |||||
| CVE-2025-1829 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2094 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||