CVE-2024-9200
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15ABQA.2.2C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable devi...
CVE-2024-50363
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...
CVE-2024-50360
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...
The vulnerability of the industrial process visualization and control system mySCADA myPRO Runtime and the mySCADA myPRO Manager lies in the failure to take measures to neutralize special elements used in the operating system’s commands, allowing attackers to execute arbitrary operating system commands.
The vulnerability of the industrial process visualization and control systems mySCADA myPRO and mySCADA myPRO Manager lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
CVE-2024-52034
CVE-2024-52034 concerns the mySCADA myPRO Manager. A parameter in a command is not properly validated, enabling an unauthenticated remote attacker to inject arbitrary operating system commands (OS Command Injection). Public sources corroborate that the vulnerability affects the myPRO Manager and ...
CVE-2024-52034 mySCADA myPRO OS Command Injection
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands...
CVE-2024-47407
CVE-2024-47407 concerns mySCADA myPRO Manager, where a parameter in a command fails input validation, enabling an unauthenticated remote attacker to inject arbitrary OS commands. Connected sources confirm this is an unauthenticated command-injection vulnerability affecting myPRO Manager versions ...
The vulnerability of the MediaCMS content management system lies in its lack of measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary operating system commands, gain control over resources, and penetrate the internal network.
The vulnerability of the MediaCMS content management system is related to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands remotely, gain...
KASDA KW5515 Security Vulnerability
KASDA KW5515 is a wireless router from KASDA. A security vulnerability exists in KASDA KW5515 v1.7 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands via cgi parameters...
The vulnerability of the SSH and Telnet protocol implementations in the firmware of the D-Link DSL6740C modem allows an intruder to execute arbitrary commands.
The vulnerability of the SSH and Telnet protocols implemented by the firmware of the D-Link DSL6740C modem lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2024-8881
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by...
CVE-2024-52018
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the systemname parameter at geniedyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...
CVE-2024-52019
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...
CVE-2024-51008
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the systemname parameter at wizdyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...
CHANGING IDExpert Operating System Command Injection Vulnerability
CHANGING IDExpert is an authentication system based on zero trust and integrating various mechanisms such as FIDO, biometrics, MFA, etc. from China-based CHANGING. An operating system command injection vulnerability exists in CHANGING IDExpert versions 2.6.1 through 2.8.1.240620, which originates...
The vulnerability of microprogrammed multifunctional devices (MFUs) such as Xerox Altalink, Versalink, and WorkCentre lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows a perpetrator to execute arbitrary code.
The vulnerability of microprogrammed multifunctional devices (MFUs) such as Xerox Altalink, Versalink, and WorkCentre lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability (cisco-sa-asa-ssh-rce-gRAuPEUF)
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
CVE-2024-20329
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...