Total
3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5157 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-18 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. | |||||
| CVE-2019-5156 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-18 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. | |||||
| CVE-2019-5171 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-17 | 7.2 HIGH | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf(). | |||||
| CVE-2019-5170 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-17 | 7.2 HIGH | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname=<contents of hostname node> using sprintf(). This command is later executed via a call to system(). | |||||
| CVE-2019-5169 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-17 | 7.2 HIGH | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the xml file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value=<contents of gateway node> using sprintf(). This command is later executed via a call to system(). | |||||
| CVE-2019-5175 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-17 | 7.2 HIGH | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1ea28 the extracted type value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled config-type=<contents of type node> using sprintf(). This command is later executed via a call to system(). | |||||
| CVE-2019-5174 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-17 | 7.2 HIGH | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=<contents of subnetmask node> using sprintf(). This command is later executed via a call to system(). | |||||
| CVE-2019-5155 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-17 | 9.0 HIGH | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12) | |||||
| CVE-2019-5173 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-17 | 7.2 HIGH | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). This command is later executed via a call to system(). | |||||
| CVE-2019-5172 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-17 | 7.2 HIGH | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d=<contents of ntp node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file. | |||||
| CVE-2020-9436 | 1 Phoenixcontact | 12 Tc Cloud Client 1002-4g, Tc Cloud Client 1002-4g Firmware, Tc Cloud Client 1002-txtx and 9 more | 2020-03-16 | 9.0 HIGH | 8.8 HIGH |
| PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL. | |||||
| CVE-2019-5168 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2020-03-16 | 7.2 HIGH | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=<contents of domainname node> using sprintf().This command is later executed via a call to system(). | |||||
| CVE-2020-1980 | 1 Paloaltonetworks | 1 Pan-os | 2020-03-13 | 7.2 HIGH | 7.8 HIGH |
| A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions. | |||||
| CVE-2018-14701 | 1 Drobo | 2 5n2, 5n2 Firmware | 2020-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | |||||
| CVE-2018-3757 | 1 Pdf-image Project | 1 Pdf-image | 2020-03-13 | 10.0 HIGH | 9.8 CRITICAL |
| Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter. | |||||
| CVE-2020-10250 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2020-03-10 | 10.0 HIGH | 9.8 CRITICAL |
| BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3. | |||||
| CVE-2020-10173 | 1 Comtrend | 2 Vr-3033, Vr-3033 Firmware | 2020-03-10 | 9.0 HIGH | 8.8 HIGH |
| Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. | |||||
| CVE-2020-10213 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2020-03-09 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||||
| CVE-2020-10215 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2020-03-09 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||||
| CVE-2020-10216 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2020-03-09 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||||