Total
1690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26319 | 1 Mi | 2 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware | 2023-10-16 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | |||||
| CVE-2023-45208 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2023-10-16 | N/A | 8.8 HIGH |
| A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service. | |||||
| CVE-2023-45466 | 1 Netis-systems | 2 N3m, N3mv2 Firmware | 2023-10-16 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | |||||
| CVE-2023-32632 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2023-10-12 | N/A | 9.8 CRITICAL |
| A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-45351 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2023-10-12 | N/A | 8.8 HIGH |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039. | |||||
| CVE-2023-45355 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2023-10-12 | N/A | 8.8 HIGH |
| Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120. | |||||
| CVE-2023-45356 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2023-10-12 | N/A | 8.8 HIGH |
| Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719. | |||||
| CVE-2023-44959 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2023-10-11 | N/A | 8.8 HIGH |
| An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | |||||
| CVE-2023-44827 | 1 Easycorp | 3 Zentao, Zentao Biz, Zentao Max | 2023-10-11 | N/A | 8.8 HIGH |
| An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | |||||
| CVE-2023-39008 | 1 Opnsense | 1 Opnsense | 2023-10-10 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | |||||
| CVE-2023-39001 | 1 Opnsense | 1 Opnsense | 2023-10-10 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | |||||
| CVE-2023-4401 | 1 Dell | 1 Smartfabric Storage Software | 2023-10-06 | N/A | 8.8 HIGH |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access. | |||||
| CVE-2021-1298 | 1 Cisco | 12 Catalyst Sd-wan Manager, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 9 more | 2023-10-06 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1299 | 1 Cisco | 12 Catalyst Sd-wan Manager, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 9 more | 2023-10-06 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1260 | 1 Cisco | 12 Catalyst Sd-wan Manager, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 9 more | 2023-10-06 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1263 | 1 Cisco | 12 Catalyst Sd-wan Manager, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 9 more | 2023-10-06 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1261 | 1 Cisco | 12 Catalyst Sd-wan Manager, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 9 more | 2023-10-06 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-43891 | 1 Netis-systems | 2 N3m, N3m Firmware | 2023-10-04 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | |||||
| CVE-2023-41029 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2023-09-26 | 7.7 HIGH | 8.8 HIGH |
| Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint. | |||||
| CVE-2023-41031 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2023-09-26 | 7.7 HIGH | 8.8 HIGH |
| Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint. | |||||