Total
3877 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6342 | 1 Zyxel | 2 Nas326 Firmware, Nas542 Firmware | 2024-09-10 | 9.8 Critical |
| **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | ||||
| CVE-2024-8574 | 1 Totolink | 3 Ac1200 T8 Firmware, T8, T8 Firmware | 2024-09-10 | 6.3 Medium |
| A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7699 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 8.8 High |
| An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data. | ||||
| CVE-2024-43385 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 8.8 High |
| A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices. | ||||
| CVE-2024-43386 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 8.8 High |
| A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices. | ||||
| CVE-2024-43387 | 1 Phoenixcontact | 36 Fl Mguard 2102 Firmware, Fl Mguard 2105 Firmware, Fl Mguard 4102 Pci Firmware and 33 more | 2024-09-10 | 8.8 High |
| A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices. | ||||
| CVE-2024-44333 | 1 Dlink | 6 Di-7003gv2 Firmware, Di-7100g\+v2 Firmware, Di-7100gv2 Firmware and 3 more | 2024-09-09 | 8.8 High |
| D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function responsible for handling usb_paswd.asp. | ||||
| CVE-2023-47104 | 2 Linux, Vareille | 2 Linux Kernel, Tiny File Dialogs | 2024-09-09 | 9.8 Critical |
| tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters. | ||||
| CVE-2023-22816 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-09-09 | 6 Medium |
| A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. | ||||
| CVE-2023-39300 | 1 Qnap | 1 Qts | 2024-09-09 | 7.2 High |
| An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later | ||||
| CVE-2023-47563 | 2024-09-09 | 7.4 High | ||
| An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later | ||||
| CVE-2024-26258 | 2024-09-09 | 7.1 High | ||
| OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product. | ||||
| CVE-2023-40072 | 1 Elecom | 4 Wab-s300, Wab-s300 Firmware, Wab-s600-ps and 1 more | 2024-09-09 | 8.8 High |
| OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. | ||||
| CVE-2024-22372 | 1 Elecom | 10 Wrc-x1800gs-b, Wrc-x1800gs-b Firmware, Wrc-x1800gsa-b and 7 more | 2024-09-09 | 6.8 Medium |
| OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | ||||
| CVE-2024-25579 | 2024-09-09 | 6.8 Medium | ||
| OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". | ||||
| CVE-2024-39607 | 1 Elecom | 3 Wrc-x1500gs-b Firmware, Wrc-x1500gsa-b Firmware, Wrc-x6000xs-g Firmware | 2024-09-09 | 6.8 Medium |
| OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command. | ||||
| CVE-2024-43804 | 1 Roxy-wi | 1 Roxy-wi | 2024-09-06 | 8.8 High |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. User-supplied input is used without validation when constructing and executing an OS command. User supplied JSON POST data is parsed and if "id" JSON key does not exist, JSON value supplied via "ip" JSON key is assigned to the "ip" variable. Later on, "ip" variable which can be controlled by the attacker is used when constructing the cmd and cmd1 strings without any extra validation. Then, server_mod.subprocess_execute function is called on both cmd1 and cmd2. When the definition of the server_mod.subprocess_execute() function is analyzed, it can be seen that subprocess.Popen() is called on the input parameter with shell=True which results in OS Command Injection. This issue has not yet been patched. Users are advised to contact the Roxy-WI to coordinate a fix. | ||||
| CVE-2024-4883 | 1 Progress | 1 Whatsup Gold | 2024-09-06 | 9.8 Critical |
| In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe. | ||||
| CVE-2024-4884 | 1 Progress | 1 Whatsup Gold | 2024-09-06 | 9.8 Critical |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. | ||||
| CVE-2023-41352 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-09-06 | 7.2 High |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | ||||