Total: 4573 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-42897 | 1 Feminer Wms Project | 1 Feminer Wms | 2024-11-21 | 9.8 Critical |
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec. | ||||
CVE-2021-42890 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function NTPSyncWithHost of the file system.so, which an attacker can exploit by controlling hostTime. | ||||
CVE-2021-42888 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setLanguageCfg of the file global.so, which an attacker can exploit by controlling langType. | ||||
CVE-2021-42885 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDeviceMac of the file global.so, which an attacker can exploit by controlling deviceName. | ||||
CVE-2021-42884 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDeviceName of the file global.so, which an attacker can exploit by controlling thedeviceName. | ||||
CVE-2021-42875 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so, which an attacker can exploit by controlling ipDoamin. | ||||
CVE-2021-42872 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. | ||||
CVE-2021-42852 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-11-21 | 8 High |
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. | ||||
CVE-2021-42796 | 1 Aveva | 1 Edge | 2024-11-21 | 9.8 Critical |
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. | ||||
CVE-2021-42784 | 1 Dlink | 2 Dwr-932c, Dwr-932c E1 Firmware | 2024-11-21 | 9.8 Critical |
OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. | ||||
CVE-2021-42759 | 1 Fortinet | 2 Meru, Meru Firmware | 2024-11-21 | 6.7 Medium |
A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows an attacker to execute unauthorized code or commands via crafted CLI commands. | ||||
CVE-2021-42538 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 8 High |
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. | ||||
CVE-2021-42372 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2024-11-21 | 8.8 High |
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service. | ||||
CVE-2021-42324 | 1 Dcnglobal | 2 S4600-10p-si, S4600-10p-si Firmware | 2024-11-21 | 7.4 High |
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access. | ||||
CVE-2021-42232 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2024-11-21 | 9.8 Critical |
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This allows an attacker to execute arbitrary commands on the router. | ||||
CVE-2021-42165 | 1 Mitrastar | 2 Gpt-2541gnac-n1, Gpt-2541gnac-n1 Firmware | 2024-11-21 | 8.8 High |
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing the command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of the parameter "path". | ||||
CVE-2021-42071 | 1 Visual-tools | 2 Dvr Vx16, Dvr Vx16 Firmware | 2024-11-21 | 9.8 Critical |
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header. | ||||
CVE-2021-41739 | 1 Artica-proxy | 1 Artica Proxy | 2024-11-21 | 9.8 Critical |
An OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with the GET param logs and the POST param rp. | ||||
CVE-2021-41738 | 1 Zeroshell | 1 Zeroshell | 2024-11-21 | 8.8 High |
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. | ||||
CVE-2021-41315 | 1 Device42 | 1 Remote Collector | 2024-11-21 | 8.8 High |
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges. |