Total
4546 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20655 | 1 Soliton | 1 Filezen | 2024-11-21 | 7.2 High |
| FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2021-20648 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2024-11-21 | 6.8 Medium |
| ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2021-20639 | 1 Logitech | 2 Lan-w300n\/pgrb, Lan-w300n\/pgrb Firmware | 2024-11-21 | 6.8 Medium |
| LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2021-20638 | 1 Logitech | 2 Lan-w300n\/pgrb, Lan-w300n\/pgrb Firmware | 2024-11-21 | 6.8 Medium |
| LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2021-20557 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 7.2 High |
| IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184. | ||||
| CVE-2021-20173 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 8.8 High |
| Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values. | ||||
| CVE-2021-20160 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 8.8 High |
| Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root. | ||||
| CVE-2021-20159 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 8.8 High |
| Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter. | ||||
| CVE-2021-20144 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 8.8 High |
| An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | ||||
| CVE-2021-20143 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 8.8 High |
| An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | ||||
| CVE-2021-20142 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 8.8 High |
| An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | ||||
| CVE-2021-20141 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 8.8 High |
| An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | ||||
| CVE-2021-20140 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 8.8 High |
| An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | ||||
| CVE-2021-20139 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 8.8 High |
| An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | ||||
| CVE-2021-20138 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-11-21 | 8.8 High |
| An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the web interface. | ||||
| CVE-2021-20122 | 1 Telus | 2 Prv65b444a-s-ts, Prv65b444a-s-ts Firmware | 2024-11-21 | 7.2 High |
| The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device. | ||||
| CVE-2021-20074 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 8.8 High |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. | ||||
| CVE-2021-20044 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-11-21 | 8.8 High |
| A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | ||||
| CVE-2021-20039 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-11-21 | 8.8 High |
| Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | ||||
| CVE-2021-20026 | 1 Sonicwall | 1 Network Security Manager | 2024-11-21 | 8.8 High |
| A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. | ||||