Filtered by CWE-78
Total 4526 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-0293 1 Totolink 2 Lr1200gb, Lr1200gb Firmware 2025-06-03 6.3 Medium
A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0298 1 Totolink 2 N200re, N200re Firmware 2025-06-03 7.3 High
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0299 1 Totolink 2 N200re, N200re Firmware 2025-06-03 7.3 High
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-3368 1 Chamilo 1 Chamilo 2025-06-03 9.8 Critical
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.
CVE-2023-48842 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2025-06-03 9.8 Critical
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.
CVE-2023-49038 1 Buffalo 2 Ls210d, Ls210d Firmware 2025-06-02 7.2 High
Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root.
CVE-2023-51217 1 Tenhot 2 Tws-200, Tws-200 Firmware 2025-06-02 8.8 High
An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component.
CVE-2024-24332 1 Totolink 2 A3300r, A3300r Firmware 2025-05-30 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
CVE-2025-40582 1 Siemens 2 Scalance Lpe9403, Scalance Lpe9403 Firmware 2025-05-30 7.8 High
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device.
CVE-2024-0778 1 Uniview 2 Isc 2500-s, Isc 2500-s Firmware 2025-05-30 8 High
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVE-2025-44880 1 Wavlink 2 Wl-wn579a3, Wl-wn579a3 Firmware 2025-05-30 9.8 Critical
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.
CVE-2025-44882 1 Wavlink 2 Wl-wn579a3, Wl-wn579a3 Firmware 2025-05-30 9.8 Critical
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.
CVE-2024-46329 1 Vonets 2 Vap11g-300, Vap11g-300 Firmware 2025-05-29 8 High
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.
CVE-2023-38323 1 Opennds 1 Opennds 2025-05-29 9.8 Critical
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVE-2024-24331 1 Totolink 2 A3300r, A3300r Firmware 2025-05-29 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
CVE-2024-24327 1 Totolink 2 A3300r, A3300r Firmware 2025-05-29 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
CVE-2024-0986 1 Issabel 1 Pbx 2025-05-29 4.7 Medium
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1115 1 Openbi 1 Openbi 2025-05-29 7.3 High
A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability.
CVE-2025-48047 2025-05-29 N/A
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.
CVE-2025-26817 1 Netwrix 1 Password Secure 2025-05-29 9.8 Critical
Netwrix Password Secure 9.2.0.32454 allows OS command injection.