Filtered by CWE-78
Total 4084 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-43443 1 Buffalo 22 Wcr-1166ds, Wcr-1166ds Firmware, Wsr-2533dhp and 19 more 2024-11-21 8.8 High
OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
CVE-2022-43390 1 Zyxel 78 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 75 more 2024-11-21 5.4 Medium
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
CVE-2022-43325 1 Telosalliance 2 Omnia Mpx Node, Omnia Mpx Node Firmware 2024-11-21 9.8 Critical
An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.
CVE-2022-43184 1 Dlink 2 Dir-878, Dir-878 Firmware 2024-11-21 9.8 Critical
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.
CVE-2022-42999 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 7.5 High
D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
CVE-2022-42496 1 Kujirahand 1 Nadesiko3 2024-11-21 9.8 Critical
OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.
CVE-2022-42493 1 Siretta 2 Quartz-gold, Quartz-gold Firmware 2024-11-21 9.8 Critical
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_INFO command.
CVE-2022-42492 1 Siretta 2 Quartz-gold, Quartz-gold Firmware 2024-11-21 9.8 Critical
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_AD command.
CVE-2022-42491 1 Siretta 2 Quartz-gold, Quartz-gold Firmware 2024-11-21 9.8 Critical
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's M2M_CONFIG_SET command
CVE-2022-42490 1 Siretta 2 Quartz-gold, Quartz-gold Firmware 2024-11-21 9.8 Critical
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command
CVE-2022-42484 2 Freshtomato, Siretta 3 Freshtomato, Quartz-gold, Quartz-gold Firmware 2024-11-21 9.8 Critical
An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-42433 1 Tp-link 2 Tl-wr841 Firmware, Tl-wr841n 2024-11-21 8.0 High
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356.
CVE-2022-42290 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2024-11-21 7.2 High
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
CVE-2022-42289 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2024-11-21 7.2 High
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
CVE-2022-42279 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2024-11-21 7.2 High
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
CVE-2022-42140 1 Deltaww 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware 2024-11-21 7.2 High
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.
CVE-2022-42139 1 Deltaww 2 Dvw-w02w2-e2, Dvw-w02w2-e2 Firmware 2024-11-21 8.8 High
Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.
CVE-2022-42055 1 Gl-inet 1 Goodcloud 2024-11-21 6.5 Medium
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
CVE-2022-42053 1 Tenda 2 Ac1200 V-w15ev2, W15e Firmware 2024-11-21 7.8 High
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function.
CVE-2022-41955 1 Autolabproject 1 Autolab 2024-11-21 8.8 High
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might be able to execute code on the server hosting Autolab. This vulnerability has been patched in version 2.10.0. As a workaround, disable the MOSS feature if it is unneeded by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.