Filtered by CWE-77
Total 2590 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-51260 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2025-04-10 9.8 Critical
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
CVE-2022-39088 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39087 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39086 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39085 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2024-48153 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2025-04-10 9.8 Critical
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
CVE-2024-30891 1 Tenda 2 Ac18, Ac18 Firmware 2025-04-10 8.8 High
A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.
CVE-2022-39073 1 Zte 2 Mf286r, Mf286r Firmware 2025-04-10 9.8 Critical
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
CVE-2022-25923 1 Exec-local-bin Project 1 Exec-local-bin 2025-04-10 7.4 High
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.
CVE-2020-36642 1 Jobe Project 1 Jobe 2025-04-10 5.5 Medium
A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The identifier of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.
CVE-2025-25632 1 Tenda 2 Ac15, Ac15 Firmware 2025-04-09 9.8 Critical
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.
CVE-2025-22912 1 Edimax 2 Re11s, Re11s Firmware 2025-04-09 9.8 Critical
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
CVE-2025-22949 1 Tenda 2 Ac9, Ac9 Firmware 2025-04-09 9.8 Critical
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.
CVE-2025-27083 2025-04-09 7.2 High
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2024-32282 1 Tenda 2 Fh1202, Fh1202 Firmware 2025-04-09 6.3 Medium
Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
CVE-2024-34204 1 Totolink 2 Cp450, Cp450 Firmware 2025-04-09 9.8 Critical
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.
CVE-2024-34206 1 Totolink 2 Cp450, Cp450 Firmware 2025-04-09 6.5 Medium
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.
CVE-2024-35340 1 Tenda 2 Fh1206, Fh1206 Firmware 2025-04-09 8.6 High
Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand.
CVE-2022-45094 1 Siemens 1 Sinec Ins 2025-04-09 8.4 High
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component.
CVE-2008-3880 1 Zoneminder 1 Zoneminder 2025-04-09 N/A
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.