Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27836 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2024-08-02 | 9.8 Critical |
| TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. | ||||
| CVE-2023-27796 | 1 Ruijienetworks | 6 Rg-ew1200g Pro, Rg-ew1200g Pro Firmware, Rg-ew1800gx Pro and 3 more | 2024-08-02 | 8.8 High |
| RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua. | ||||
| CVE-2023-27581 | 1 Github-slug-action Project | 1 Github-slug-action | 2024-08-02 | 8.8 High |
| github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0` and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. This can be used to execute code on the GitHub runners and to exfiltrate any secrets one uses in the CI pipeline. A patched action is available in version 4.4.1. No workaround is available. | ||||
| CVE-2023-27407 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2024-08-02 | 9.9 Critical |
| A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user. | ||||
| CVE-2023-27232 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-02 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. | ||||
| CVE-2023-27229 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-02 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. | ||||
| CVE-2023-27240 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-08-02 | 9.8 Critical |
| Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. | ||||
| CVE-2023-27224 | 1 Jc21 | 1 Nginx Proxy Manager | 2024-08-02 | 9.8 Critical |
| An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. | ||||
| CVE-2023-27135 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-02 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. | ||||
| CVE-2023-27231 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-02 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. | ||||
| CVE-2023-27079 | 1 Tenda | 2 G103, G103 Firmware | 2024-08-02 | 7.5 High |
| Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package | ||||
| CVE-2023-27078 | 1 Tp-link | 2 Tl-mr3020, Tl-mr3020 Firmware | 2024-08-02 | 9.8 Critical |
| A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. | ||||
| CVE-2023-26978 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-02 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. | ||||
| CVE-2023-26866 | 1 Greenpacket | 4 Ot-235, Ot-235 Firmware, Wr-1200 and 1 more | 2024-08-02 | 9.8 Critical |
| GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover. | ||||
| CVE-2023-26801 | 1 Lb-link | 8 Bl-ac1900, Bl-ac1900 Firmware, Bl-lte300 and 5 more | 2024-08-02 | 9.8 Critical |
| LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg. | ||||
| CVE-2023-26822 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-08-02 | 9.8 Critical |
| D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. | ||||
| CVE-2023-26848 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-02 | 9.8 Critical |
| TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. | ||||
| CVE-2023-26800 | 1 Ruijienetworks | 6 Rg-ew1200, Rg-ew1200 Firmware, Rg-ew1200g Pro and 3 more | 2024-08-02 | 9.8 Critical |
| Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discovered to contain a command injetion vulnerability via the params.path parameter in the upgradeConfirm function. | ||||
| CVE-2023-26602 | 1 Asus | 1 Asmb8-ikvm Firmware | 2024-08-02 | 9.8 Critical |
| ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | ||||
| CVE-2023-26493 | 1 Cocos | 1 Cocos-engine | 2024-08-02 | 8.1 High |
| Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the `web-interface-check.yml` was subject to command injection. The `web-interface-check.yml` was triggered when a pull request was opened or updated and contained the user controllable field `(${{ github.head_ref }} – the name of the fork’s branch)`. This would allow an attacker to take over the GitHub Runner and run custom commands (potentially stealing secrets such as GITHUB_TOKEN) and altering the repository. The workflow has since been removed for the repository. There are no actions required of users. | ||||