Total
4026 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13306 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-08-05 | N/A |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | ||||
| CVE-2018-13336 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | ||||
| CVE-2018-13314 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-08-05 | N/A |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | ||||
| CVE-2018-13316 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-08-05 | N/A |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. | ||||
| CVE-2018-13338 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | ||||
| CVE-2018-13311 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-08-05 | N/A |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | ||||
| CVE-2018-13353 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | ||||
| CVE-2018-13318 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | ||||
| CVE-2018-13307 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-08-05 | N/A |
| System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. | ||||
| CVE-2018-13320 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | ||||
| CVE-2018-13023 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2024-08-05 | N/A |
| System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. | ||||
| CVE-2018-12972 | 1 Opentsdb | 1 Opentsdb | 2024-08-05 | N/A |
| An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. | ||||
| CVE-2018-12670 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-08-05 | N/A |
| SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. | ||||
| CVE-2018-12577 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-08-05 | N/A |
| The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. | ||||
| CVE-2018-12483 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-08-05 | N/A |
| OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability. | ||||
| CVE-2018-12312 | 1 Asustor | 2 As602t, Data Master | 2024-08-05 | N/A |
| OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. | ||||
| CVE-2018-12317 | 1 Asustor | 2 As-602t, Data Master | 2024-08-05 | N/A |
| OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. | ||||
| CVE-2018-12313 | 1 Asustor | 2 As602t, Data Master | 2024-08-05 | N/A |
| OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. | ||||
| CVE-2018-12307 | 1 Asustor | 2 As602t, Data Master | 2024-08-05 | N/A |
| OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. | ||||
| CVE-2018-12316 | 1 Asustor | 2 As602t, Data Master | 2024-08-05 | N/A |
| OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter. | ||||