Total
1690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22729 | 1 Netis-systems | 2 Mw5360, Mw5360 Firmware | 2024-02-01 | N/A | 9.8 CRITICAL |
| NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | |||||
| CVE-2023-51833 | 1 Trendnet | 2 Tew-411brpplus, Tew-411brpplus Firmware | 2024-01-31 | N/A | 8.1 HIGH |
| A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. | |||||
| CVE-2024-23625 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2024-01-31 | 8.3 HIGH | 9.8 CRITICAL |
| A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | |||||
| CVE-2024-23624 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2024-01-31 | 8.3 HIGH | 9.8 CRITICAL |
| A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | |||||
| CVE-2023-7227 | 1 Systemk-corp | 6 Nvr 504, Nvr 504 Firmware, Nvr 508 and 3 more | 2024-01-31 | N/A | 9.8 CRITICAL |
| SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges. | |||||
| CVE-2024-22529 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-01-31 | N/A | 9.8 CRITICAL |
| TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. | |||||
| CVE-2023-37679 | 1 Nextgen | 1 Mirth Connect | 2024-01-31 | N/A | 9.8 CRITICAL |
| A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | |||||
| CVE-2023-52038 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-01-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | |||||
| CVE-2023-52039 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-01-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | |||||
| CVE-2023-52040 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-01-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. | |||||
| CVE-2024-22651 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-01-30 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. | |||||
| CVE-2023-50274 | 1 Hp | 1 Oneview | 2024-01-29 | N/A | 7.8 HIGH |
| HPE OneView may allow command injection with local privilege escalation. | |||||
| CVE-2023-24135 | 1 Jensenofscandinavia | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2024-01-29 | N/A | 7.8 HIGH |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter. | |||||
| CVE-2024-22663 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-01-29 | N/A | 9.8 CRITICAL |
| TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg | |||||
| CVE-2023-20237 | 1 Cisco | 4 Intersight Assist, Intersight Connected Virtual Appliance, Intersight Private Virtual Appliance and 1 more | 2024-01-25 | N/A | 4.3 MEDIUM |
| A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level. | |||||
| CVE-2023-20220 | 1 Cisco | 1 Firepower Management Center | 2024-01-25 | N/A | 8.8 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device. | |||||
| CVE-2023-20219 | 1 Cisco | 1 Firepower Management Center | 2024-01-25 | N/A | 8.8 HIGH |
| Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device. | |||||
| CVE-2023-20209 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-01-25 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges. | |||||
| CVE-2023-20170 | 1 Cisco | 1 Identity Services Engine | 2024-01-25 | N/A | 6.7 MEDIUM |
| A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | |||||
| CVE-2023-20118 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2024-01-25 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not and will not release software updates that address this vulnerability. | |||||