Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44959 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | |||||
| CVE-2023-44827 | 1 Easycorp | 3 Zentao, Zentao Biz, Zentao Max | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | |||||
| CVE-2023-43891 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | |||||
| CVE-2023-43510 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | |||||
| CVE-2023-43477 | 1 Telstra | 2 Arcadyan Lh1000, Arcadyan Lh1000 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. | |||||
| CVE-2023-43455 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | |||||
| CVE-2023-43454 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | |||||
| CVE-2023-43453 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | |||||
| CVE-2023-43322 | 1 Zpesystems | 1 Nodegrid Os | 2024-11-21 | N/A | 8.8 HIGH |
| ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | |||||
| CVE-2023-43207 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. | |||||
| CVE-2023-43206 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter. | |||||
| CVE-2023-43204 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter. | |||||
| CVE-2023-43202 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. | |||||
| CVE-2023-43138 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | |||||
| CVE-2023-43137 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | |||||
| CVE-2023-43128 | 1 Dlink | 2 Dir-806, Dir-806 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters. | |||||
| CVE-2023-42810 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | N/A | 9.8 CRITICAL |
| systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only). | |||||
| CVE-2023-42326 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | |||||
| CVE-2023-42136 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability. | |||||
| CVE-2023-41724 | 1 Ivanti | 1 Standalone Sentry | 2024-11-21 | N/A | 8.8 HIGH |
| A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. | |||||