Total
4084 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-27992 | 1 Zyxel | 6 Nas326, Nas326 Firmware, Nas540 and 3 more | 2024-11-21 | 9.8 Critical |
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request. | ||||
CVE-2023-27991 | 1 Zyxel | 38 Atp100, Atp100 Firmware, Atp100w and 35 more | 2024-11-21 | 8.8 High |
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely. | ||||
CVE-2023-27988 | 1 Zyxel | 6 Nas326, Nas326 Firmware, Nas540 and 3 more | 2024-11-21 | 7.2 High |
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely. | ||||
CVE-2023-27985 | 1 Gnu | 1 Emacs | 2024-11-21 | 7.8 High |
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90 | ||||
CVE-2023-27917 | 1 Contec | 38 Cps-mc341-a1-111, Cps-mc341-a1-111 Firmware, Cps-mc341-adsc1-111 and 35 more | 2024-11-21 | 8.8 High |
OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131). | ||||
CVE-2023-27886 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2024-11-21 | 9.8 Critical |
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script. | ||||
CVE-2023-27826 | 1 Seowonintech | 2 Swc-5100w, Swc-5100w Firmware | 2024-11-21 | 8.8 High |
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function. | ||||
CVE-2023-27521 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2024-11-21 | 8.8 High |
OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. | ||||
CVE-2023-27514 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2024-11-21 | 8.8 High |
OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. | ||||
CVE-2023-27407 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2024-11-21 | 9.9 Critical |
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user. | ||||
CVE-2023-27394 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2024-11-21 | 9.8 Critical |
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts. | ||||
CVE-2023-27380 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2024-11-21 | 7.2 High |
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
CVE-2023-27367 | 1 Netgear | 1 Rax30 Firmware | 2024-11-21 | N/A |
NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the libcms_cli module. The issue results from the lack of proper validation of a user-supplied command before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19838. | ||||
CVE-2023-27356 | 1 Netgear | 1 Rax30 Firmware | 2024-11-21 | N/A |
NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the logCtrl action. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19825. | ||||
CVE-2023-27216 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | 8.8 High |
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. | ||||
CVE-2023-27198 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-11-21 | 6.8 Medium |
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability. | ||||
CVE-2023-27076 | 1 Tenda | 2 G103, G103 Firmware | 2024-11-21 | 9.8 Critical |
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter. | ||||
CVE-2023-26921 | 1 Quectel | 2 Ag550qcn, Ag550qcn Firmware | 2024-11-21 | 9.8 Critical |
OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd. | ||||
CVE-2023-26759 | 1 Smeup | 1 Erp | 2024-11-21 | 8.8 High |
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. | ||||
CVE-2023-26613 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 9.8 Critical |
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. |