Total
4371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36061 | 1 Engenius | 1 Ews356 Fit | 2024-11-12 | 9.8 Critical |
| EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities. | ||||
| CVE-2024-45827 | 1 Softbank | 1 Mesh Wi-fi Router Rp562b Firmware | 2024-11-12 | 8 High |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command. | ||||
| CVE-2024-48074 | 1 Draytek | 1 Vigor2960 Firmware | 2024-11-08 | 8 High |
| An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function. | ||||
| CVE-2024-10919 | 1 Didi | 2 Super-jacoco, Super Jacoco | 2024-11-08 | 6.3 Medium |
| A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10915 | 1 Dlink | 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more | 2024-11-08 | 8.1 High |
| A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2020-8007 | 1 Pwrstudio | 1 Ev Charger | 2024-11-08 | 9.8 Critical |
| The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip. | ||||
| CVE-2023-29120 | 2 Enel X, Enelx | 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 9.6 Critical |
| Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system. | ||||
| CVE-2024-51661 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-08 | 9.1 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19. | ||||
| CVE-2024-21531 | 1 Git | 1 Git-shallow-clone | 2024-11-07 | 5.3 Medium |
| All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. | ||||
| CVE-2024-9139 | 1 Moxa | 8 Edf-g1002-bp Firmware, Edr-8010 Firmware, Edr-810 Firmware and 5 more | 2024-11-06 | 7.2 High |
| The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. | ||||
| CVE-2024-10202 | 1 Wellchoose | 1 Administrative Management System | 2024-11-06 | 8.8 High |
| Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | ||||
| CVE-2024-51023 | 1 Dlink | 1 Dir 823g Firmware | 2024-11-05 | 8.8 High |
| D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51252 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. | ||||
| CVE-2024-51024 | 1 Dlink | 1 Dir 823g Firmware | 2024-11-05 | 8 High |
| D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51248 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. | ||||
| CVE-2024-51247 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. | ||||
| CVE-2024-51245 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | 8 High |
| In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. | ||||
| CVE-2024-51244 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. | ||||
| CVE-2024-51021 | 1 Netgear | 3 R6400 Firmware, R7000p Firmware, Xr300 Firmware | 2024-11-05 | 8 High |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51010 | 1 Netgear | 4 R6400 Firmware, R7000p Firmware, R8500 Firmware and 1 more | 2024-11-05 | 8 High |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||