
3861 matches found

CVE
added 2025/08/05 8:1 p.m. · 29 views

CVE-2013-10069

The CVE-2013-10069 entry describes an unauthenticated OS command injection in the web interface (command.php) of multiple D-Link routers, specifically DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13). The flaw arises from improper handling of the cmd POST parameter, enabling a remote attacker t...

CVSS 10 · AI score 7.5 · EPSS 0.11859
Exploits 1 · References 4 · Affected Software 1

SUSE CVE
added 2025/08/04 11:25 p.m. · 1 view

SUSE CVE-2025-5030

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to OS command injection. The attack can be initiated...

CVSS 8.1 · AI score 4.8 · EPSS 0.02576
Exploits 1 · References 2

ATTACKERKB
added 2025/08/01 8:47 p.m. · 2 views

CVE-2013-10049

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...

CVSS 9.3 · AI score 6.2 · EPSS 0.02018
Exploits 0 · References 4

CVE
added 2025/08/01 8:44 p.m. · 12 views

CVE-2013-10058

The CVE-2013-10058 entry describes an authenticated OS command-injection affecting Linksys routers (tested on WRT160Nv2) running firmware v2.0.03 via the /apply.cgi endpoint. The web UI fails to sanitize input to the ping_size parameter during diagnostics, allowing an authenticated attacker to in...

CVSS 8.6 · AI score 8.3 · EPSS 0.03103
Exploits 0 · References 5

Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-32517 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801

Description: A vulnerability exists in Linksys range extenders that allows for remote OS command injection. The issue is located in the um red function within t...

CVSS 6.5 · AI score 6.6 · EPSS 0.08257
Exploits 1 · References 12

Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-32498 · Linksys · Linksys Re6250 +5

Name of the Vulnerable Software and Affected Versions:
Linksys RE6250 versions prior to 20250801
Linksys RE6300 versions prior to 20250801
Linksys RE6350 versions prior to 20250801
Linksys RE6500 versions prior to 20250801
Linksys RE7000 versions prior to 20250801
Linksys RE9000 versions prior to...

CVSS 6.5 · AI score 6.5 · EPSS 0.08257
Exploits 1 · References 13

Positive Technologies
added 2025/08/01 12:0 a.m. · 6 views

PT-2025-32495 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801

Description: A vulnerability exists in Linksys range extenders that allows for remote OS command injection. The issue is related to the setDFSSetting function...

CVSS 6.5 · AI score 6.5 · EPSS 0.07659
Exploits 1 · References 13

Positive Technologies
added 2025/08/01 12:0 a.m. · 12 views

PT-2025-32515 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801

Description: A vulnerability exists in Linksys range extenders due to a flaw in the um inspect cross band function within the /goform/RP setBasicAuto file...

CVSS 6.5 · AI score 6.5 · EPSS 0.08257
Exploits 1 · References 11

Positive Technologies
added 2025/08/01 12:0 a.m. · 8 views

PT-2025-32518 · Linksys · Linksys Re7000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801

Description: A vulnerability exists in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000. The issue is due to OS command injection in the sub 3517C...

CVSS 6.5 · AI score 6.5 · EPSS 0.08257
Exploits 1 · References 14

Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-32516 · Linksys · Linksys Re7000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801

Description: A vulnerability exists in the ipv6cmd function of the /goform/setIpv6 file. Manipulation of the following arguments leads to OS command injection:...

CVSS 6.5 · AI score 6.3 · EPSS 0.08257
Exploits 1 · References 12

VulnCheck KEV
added 2025/07/31 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2025-32813

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur...

CVSS 7.2 · AI score 5.8 · EPSS 0.42346
In wild · Exploits 0 · References 180

SUSE CVE
added 2025/07/24 12:2 a.m. · 4 views

SUSE CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

CVSS 9.3 · AI score 8.4 · EPSS 0.0503
Exploits 1 · References 3

OSV
added 2025/07/22 3:15 a.m. · 2 views

CVE-2025-7952

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been...

CVSS 8.8 · AI score 5.5 · EPSS 0.15223
Exploits 1 · References 6

OSV
added 2025/07/21 5:15 p.m. · 4 views

CVE-2025-7932

A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbcsystem of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...

CVSS 8.8 · AI score 5.5 · EPSS 0.05484
Exploits 1 · References 5

Vulnrichment
added 2025/07/21 9:29 a.m. · 6 views

CVE-2025-41675 Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...

CVSS 7.2 · AI score 7.1 · EPSS 0.00594
Exploits 1 · References 1

CVE
added 2025/07/21 9:29 a.m. · 15 views

CVE-2025-41675

CVE-2025-41675 concerns MB CONNECT LINE mbNET.mini and Helmholz/mbNET.mini gateways where an OS command injection arises from improper neutralization of special elements in OS commands. The vulnerability allows a high-privilege remote attacker to trigger arbitrary system commands via GET requests...

CVSS 7.2 · AI score 7.2 · EPSS 0.00594
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2025/07/21 9:29 a.m. · 14 views

CVE-2025-41675 Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...

CVSS 7.2 · EPSS 0.00594
Exploits 1 · References 1

Cvelist
added 2025/07/21 9:29 a.m. · 6 views

CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

CVSS 7.2 · EPSS 0.00594
Exploits 1 · References 1

Vulnrichment
added 2025/07/21 9:29 a.m. · 5 views

CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

CVSS 7.2 · AI score 7.8 · EPSS 0.00594
Exploits 1 · References 1

CVE
added 2025/07/21 9:29 a.m. · 12 views

CVE-2025-41674

The CVE-2025-41674 entry matches an OS command injection in MB CONNECT LINE mbNET.mini (industrial router) and Helmholz REX100/mbNET.mini family where improper neutralization of special elements in OS commands enables remote execution of commands via POST to a diagnostic action. Connected sources...

CVSS 7.2 · AI score 7.2 · EPSS 0.00594
Exploits 1 · References 2 · Affected Software 1