Total
4026 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-21108 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-08-05 | 6.8 Medium |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | ||||
| CVE-2018-21107 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-08-05 | 6.8 Medium |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | ||||
| CVE-2018-21126 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-08-05 | 8.8 High |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | ||||
| CVE-2018-21109 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-08-05 | 6.8 Medium |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | ||||
| CVE-2018-21099 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-08-05 | 8.0 High |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | ||||
| CVE-2018-21100 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-08-05 | 8.0 High |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | ||||
| CVE-2018-20969 | 2 Gnu, Redhat | 6 Patch, Enterprise Linux, Rhel Aus and 3 more | 2024-08-05 | N/A |
| do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. | ||||
| CVE-2018-20841 | 1 Hootoo | 2 Tripmate Titan Ht-tm05, Tripmate Titan Ht-tm05 Firmware | 2024-08-05 | N/A |
| HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request. | ||||
| CVE-2018-20727 | 1 Nedi | 1 Nedi | 2024-08-05 | N/A |
| Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php. | ||||
| CVE-2018-20434 | 1 Librenms | 1 Librenms | 2024-08-05 | N/A |
| LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling. | ||||
| CVE-2018-20323 | 1 Mailcleaner | 1 Mailcleaner | 2024-08-05 | N/A |
| www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. | ||||
| CVE-2018-20218 | 1 Teracue | 6 Enc-400 Hdmi, Enc-400 Hdmi2, Enc-400 Hdmi2 Firmware and 3 more | 2024-08-05 | N/A |
| An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form. | ||||
| CVE-2018-20334 | 1 Asus | 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. | ||||
| CVE-2018-20122 | 1 Fastweb | 2 Fastgate, Fastgate Firmware | 2024-08-05 | N/A |
| The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability. | ||||
| CVE-2018-20114 | 1 Dlink | 4 Dir-818lw, Dir-818lw Firmware, Dir-860l and 1 more | 2024-08-05 | 9.8 Critical |
| On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. | ||||
| CVE-2018-20057 | 2 D-link, Dlink | 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more | 2024-08-05 | N/A |
| An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. | ||||
| CVE-2018-19989 | 2 D-link, Dlink | 3 Dir-822 Firmware, Dir-822, Dir-822 Firmware | 2024-08-05 | N/A |
| In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string. | ||||
| CVE-2018-19988 | 2 D-link, Dlink | 2 Dir-868l Firmware, Dir-868l | 2024-08-05 | N/A |
| In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string. | ||||
| CVE-2018-19949 | 1 Qnap | 1 Qts | 2024-08-05 | 9.8 Critical |
| If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109. | ||||
| CVE-2018-19990 | 2 D-link, Dlink | 2 Dir-822 Firmware, Dir-822 | 2024-08-05 | N/A |
| In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and $rphyinf2."/media/wps/enrollee/pin" and $rphyinf3."/media/wps/enrollee/pin" internal configuration memory without any regex checking. And in the do_wps function of the wps.php source code, the data in $rphyinf3."/media/wps/enrollee/pin" is used with the wpatalk command without any regex checking. A vulnerable /HNAP1/SetWiFiVerifyAlpha XML message could have shell metacharacters in the WPSPIN element such as the `telnetd` string. | ||||