Total
4462 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27102 | 1 Accellion | 1 Fta | 2025-03-14 | 7.2 HIGH | 7.8 HIGH |
| Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | |||||
| CVE-2021-25298 | 1 Nagios | 1 Nagios Xi | 2025-03-14 | 9.0 HIGH | 8.8 HIGH |
| Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
| CVE-2020-25506 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | |||||
| CVE-2024-57012 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-14 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. | |||||
| CVE-2017-18368 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2025-03-14 | 10.0 HIGH | 9.8 CRITICAL |
| The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter. | |||||
| CVE-2024-36360 | 2025-03-14 | N/A | 9.8 CRITICAL | ||
| OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product. | |||||
| CVE-2023-34281 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | N/A | 8.0 HIGH |
| D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20561. | |||||
| CVE-2023-34280 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | N/A | 8.0 HIGH |
| D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20559. | |||||
| CVE-2023-34279 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | N/A | 8.8 HIGH |
| D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20558. | |||||
| CVE-2023-34278 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | N/A | 8.0 HIGH |
| D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20556. | |||||
| CVE-2023-34277 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | N/A | 8.0 HIGH |
| D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20555. | |||||
| CVE-2023-34276 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | N/A | 8.0 HIGH |
| D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20554. | |||||
| CVE-2023-34275 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | N/A | 8.0 HIGH |
| D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20553. | |||||
| CVE-2022-36231 | 1 Newspaperclub | 1 Pdf Info | 2025-03-13 | N/A | 9.8 CRITICAL |
| pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3. | |||||
| CVE-2022-20708 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2025-03-13 | 10.0 HIGH | 10.0 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2024-52723 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
| In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload. | |||||
| CVE-2022-30525 | 1 Zyxel | 32 Atp100, Atp100 Firmware, Atp100w and 29 more | 2025-03-13 | 10.0 HIGH | 9.8 CRITICAL |
| A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | |||||
| CVE-2023-28771 | 1 Zyxel | 38 Atp100, Atp100 Firmware, Atp100w and 35 more | 2025-03-13 | N/A | 9.8 CRITICAL |
| Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device. | |||||
| CVE-2022-26258 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | |||||
| CVE-2024-57018 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-13 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. | |||||