Total
2590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0640 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2025-03-26 | 7.2 High |
| A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. | ||||
| CVE-2023-22657 | 1 F5 | 2 F5os-a, F5os-c | 2025-03-26 | 7 High |
| On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-10096 | 2025-03-26 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-24154 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | ||||
| CVE-2023-24153 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | 9.8 Critical |
| A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2023-24152 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | 9.8 Critical |
| A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2023-24151 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | 9.8 Critical |
| A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2023-24150 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | 9.8 Critical |
| A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2021-31575 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | 9.8 Critical |
| In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. | ||||
| CVE-2023-24157 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | 9.8 Critical |
| A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2023-24156 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | 9.8 Critical |
| A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2023-24148 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. | ||||
| CVE-2021-31574 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | 9.8 Critical |
| In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. | ||||
| CVE-2021-31573 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | 9.8 Critical |
| In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. | ||||
| CVE-2023-0649 | 1 Dst-admin Project | 1 Dst-admin | 2025-03-26 | 6.3 Medium |
| A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036. | ||||
| CVE-2023-24138 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-25 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. | ||||
| CVE-2023-24276 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-25 | 9.8 Critical |
| TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. | ||||
| CVE-2022-25855 | 1 Create-choo-app3 Project | 1 Create-choo-app3 | 2025-03-25 | 7.4 High |
| All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | ||||
| CVE-2023-24330 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2025-03-25 | 8.8 High |
| Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/. | ||||
| CVE-2023-24331 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-03-25 | 9.8 Critical |
| Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter. | ||||