Total: 4869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38319 | 1 Opennds | 1 Opennds | 2025-06-20 | N/A | 9.8 CRITICAL |
| An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | |||||
| CVE-2023-38318 | 1 Opennds | 1 Opennds | 2025-06-20 | N/A | 9.8 CRITICAL |
| An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | |||||
| CVE-2023-49329 | 1 Anomali | 1 Match | 2025-06-20 | N/A | 7.2 HIGH |
| Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3. | |||||
| CVE-2025-5030 | 1 Ackites | 1 Killwxapkg | 2025-06-20 | 5.1 MEDIUM | 5.0 MEDIUM |
| A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-23061 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. | |||||
| CVE-2023-52029 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. | |||||
| CVE-2023-52028 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. | |||||
| CVE-2023-49254 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-20 | N/A | 8.8 HIGH |
| An authenticated user can execute arbitrary commands in the context of the root user by providing a payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151, which was mitigated at the user interface level by blacklisting characters with JavaScript; however, it can still be exploited by sending POST requests directly. | |||||
| CVE-2023-51123 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. | |||||
| CVE-2023-49235 | 1 Trendnet | 2 Tv-ip1314pi, Tv-ip1314pi Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command. | |||||
| CVE-2024-23060 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. | |||||
| CVE-2024-21821 | 1 Tp-link | 6 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 3 more | 2025-06-17 | N/A | 8.0 HIGH |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. | |||||
| CVE-2022-36510 | 1 H3c | 2 Gr2200, Gr2200 Firmware | 2025-06-17 | N/A | 7.8 HIGH |
| H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |||||
| CVE-2022-36509 | 1 H3c | 2 Gr3200, Gr3200 Firmware | 2025-06-17 | N/A | 7.8 HIGH |
| H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |||||
| CVE-2025-39240 | | | 2025-06-17 | N/A | 7.2 HIGH |
| Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution. | |||||
| CVE-2024-33792 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | |||||
| CVE-2024-33793 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 5.3 MEDIUM |
| netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page. | |||||
| CVE-2022-45699 | 1 Apsystems | 2 Ecu-r, Ecu-r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. | |||||
| CVE-2024-21833 | 1 Tp-link | 10 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 7 more | 2025-06-16 | N/A | 8.8 HIGH |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi. | |||||
| CVE-2023-51984 | 1 Dlink | 2 Dir-822, Dir-822 Firmware | 2025-06-16 | N/A | 9.8 CRITICAL |
| D-Link DIR-822+ V1.0.2 was found to contain a command injection in the SetStaticRouteSettings function, which allows remote attackers to execute arbitrary commands via shell. | |||||
