402 matches found
Merit LILIN IP Camera Series 操作系统命令注入漏洞
The Merit LILIN IP Camera Series is a series of IP video recorders from Merit LILIN of Taiwan, China. The Merit LILIN IP Camera Series suffers from an operating system command injection vulnerability that stems from OS command injection, which could allow an authenticated, remote attacker to inje...
PT-2026-2044
Name of the Vulnerable Software and Affected Versions Merit LILIN DVR/NVR models affected versions not specified Merit Lilin DH032 affected versions not specified Description An authenticated remote attacker can inject arbitrary OS commands on Merit LILIN DVR/NVR devices and execute them. This is...
CVE-2025-46645
Dell PowerProtect Data Domain with DD OS is affected by OS Command Injection due to improper neutralization of special elements. A high-privilege attacker with remote access could execute commands, potentially impacting confidentiality, integrity, and availability as described. Affected releases ...
CVE-2025-46644
Dell PowerProtect Data Domain (DD OS) affected ranges: Feature Release 7.7.1.0–8.4.0.0, LTS2025 8.3.1.10, LTS2024 7.13.1.0–7.13.1.40, LTS2023 7.10.1.0–7.10.1.70. Description: OS Command Injection vulnerability due to improper neutralization of special elements in commands. Impact: a highly privil...
EUVD-2026-0897
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Centreon Infra Monitoring Backup configuration in the administration setup...
CVE-2025-64124
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Nuvation Energy Multi-Stack Controller MSC allows OS Command Injection.This issue affects Multi-Stack Controller MSC: before 2.5.1...
CVE-2025-64120
CVE-2025-64120 affects the Nuvation Energy Multi-Stack Controller (MSC). The vulnerability is caused by improper neutralization of special elements in OS command handling, enabling an OS command injection. Affected versions are MSC 2.3.8 up to, but not including, 2.5.1 (i.e., 2.3.8–2.5.0). Impact...
CVE-2023-53872
Wp2Fac 1.0 has an OS command injection vulnerability in the send.php endpoint. The vulnerability allows remote attackers to execute arbitrary system commands by injecting shell commands through the numara parameter (using & to chain commands). Impact is described as high for confidentiality, inte...
CVE-2023-53872 Wp2Fac 1.0 OS Command Injection via send.php Endpoint
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...
EUVD-2025-202724
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondealupdate in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua...
CVE-2025-56118
OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...
CVE-2025-56120
OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
CVE-2025-56117
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...
CVE-2025-56111
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...
CVE-2025-56109
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actionwireless in file /usr/lib/lua/luci/control/admin/wireless.lua...
PT-2025-50677
Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An OS Command Injection issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521. Attackers can execute arbitrary commands by sending a specially crafted POST request to the pwdmodify...
PT-2025-50658
Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR860 affected versions not specified Description An issue exists that allows attackers to execute arbitrary commands. This can be triggered by sending a specially crafted POST request to the action service within the file...
PT-2025-50656
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1200 versions EW 3.01B11P227 EW1200 11130208RG-EW1200 V1.00 Description An OS Command Injection issue exists in Ruijie RG-EW1200. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module ge...
CVE-2025-56093
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua...
CVE-2025-56122
CVE-2025-56122 affects Ruijie RG-EW1800GX PRO (B11P226_EW1800GX-PRO_10223117). The vulnerability is an OS Command Injection in the Lua module at /usr/local/lua/dev_sta/networkConnect.lua, exploitable via a crafted POST request to the module_get endpoint. CVSSv3.1 base score 8.8 (HIGH) with networ...