3861 matches found

OSV
added 2024/07/28 2:15 p.m. · 1 view

CVE-2024-7158

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

CVSS 8.8 · AI score 5.7 · EPSS 0.03086
Exploits: 1 · References: 4

CVE
added 2024/07/28 1:31 p.m. · 54 views

CVE-2024-7158

CVE-2024-7158 affects TOTOLINK A3100R (v4.1.2cu.5050_B20200504). The vulnerability is in the HTTP POST Request Handler’s setTelnetCfg function (/cgi-bin/cstecgi.cgi): manipulation of the telnet_enabled argument enables command injection. Impact is remote exploitation with potential high severity ...

CVSS 8.8 · AI score 7 · EPSS 0.03086
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/07/28 12:0 a.m. · 6 views

PT-2024-38120 · Totolink · Totolink A3100R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3100R version 4.1.2cu.5050 B20200504 Description: A critical issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi in the HTTP POST Request Handler component. The manipulation of the telnet enabled argument leads ...

CVSS 8.8 · AI score 7 · EPSS 0.03086
Exploits: 1 · References: 8

OSV
added 2024/07/26 5:15 a.m. · 2 views

CVE-2024-7120

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file listbaseconfig.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible...

CVSS 9.8 · AI score 5.5
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/09 12:0 a.m. · 4 views

PT-2024-22557 · Ifm · Smart Plc Ac14Xx Firmware +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker with high privileges may use a writing file function to inject OS commands. There is no information provided about the estimated numbe...

CVSS 7.2 · AI score 7.1 · EPSS 0.00766
Exploits: 0 · References: 6

OSV
added 2024/06/27 9:52 a.m. · 3 views

USN-6856-1 fontforge vulnerabilities

It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a command injection. CVE-2024-25081 It was discovered that FontForge incorrectly...

CVSS 6.5 · AI score 7.3 · EPSS 0.0187
Exploits: 2 · References: 3

NVD
added 2024/06/23 12:15 p.m. · 15 views

CVE-2024-6269

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...

CVSS 7.2 · EPSS 0.20644
Exploits: 1 · References: 4

OSV
added 2024/06/20 1:15 p.m. · 3 views

CVE-2024-6186

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument adlogname leads to os command injection. It is possible to initiate the attack remotely. The exploi...

CVSS 9.8 · AI score 5.5 · EPSS 0.08722
Exploits: 1 · References: 4

OSV
added 2024/06/20 1:15 p.m. · 2 views

CVE-2024-6187

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/subcommit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 5.7 · EPSS 0.07638
Exploits: 1 · References: 4

OSV
added 2024/06/20 12:15 p.m. · 2 views

CVE-2024-6185

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function getipaddrdetails of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be launched remotely...

CVSS 8.8 · AI score 6.2
Exploits: 0 · References: 4

Positive Technologies
added 2024/06/20 12:0 a.m. · 2 views

PT-2024-37441 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC version 1.0 Description: A critical vulnerability has been found in the file /view/vpn/autovpn/sub commit.php, where the manipulation of the key argument leads to os command injection. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 7.5 · EPSS 0.07638
Exploits: 1 · References: 9

Positive Technologies
added 2024/06/20 12:0 a.m. · 3 views

PT-2024-27683 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version 1.0.1-B20201211.2000 Description: A command injection issue allows a remote attacker to execute arbitrary code via the iface parameter in the vif enable function. This enables the attacker to inject and execute command...

CVSS 8.8 · AI score 8.8 · EPSS 0.01782
Exploits: 1 · References: 6

Positive Technologies
added 2024/06/17 12:0 a.m. · 2 views

PT-2024-5054

Name of the Vulnerable Software and Affected Versions: GeoVision devices, affected versions not specified Description: The issue exists due to the failure to properly filter user input for specific functionality, allowing unauthenticated remote attackers to inject and execute arbitrary system comman...

CVSS 9.8 · AI score 9.6 · EPSS 0.09992
Exploits: 1 · References: 57

Positive Technologies
added 2024/06/11 12:0 a.m. · 2 views

PT-2024-4394 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC version 1.0 Description: A critical issue has been found in the function get ip addr details of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be...

CVSS 8.8 · AI score 7.1 · EPSS 0.09094
Exploits: 1 · References: 9

CNNVD
added 2024/05/27 12:0 a.m. · 3 views

ASKEY 5G NR Small Cell Operating System Command Injection Vulnerability

The Askey 5G NR Small Cell is a 5G base station from China's Askey Electronic Technology (Askey). An OS command injection vulnerability exists in ASKEY 5G NR Small Cell version V6, which stems from the inability to properly filter user input for certain functions, allowing an attacker to execute...

CVSS 7.2 · AI score 8.2 · EPSS 0.00562
Exploits: 0 · References: 2

CVE
added 2024/05/22 12:0 p.m. · 61 views

CVE-2024-5196

CVE-2024-5196 targets Arris VAP2500 v08.50. A vulnerability in /tools_command.php (parameter cmb_header/txt_command) allows remote command injection. Exploitation is possible remotely; public disclosure noted. No remediation details provided in the supplied documents.

CVSS 7.2 · AI score 5.4 · EPSS 0.04164
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/05/22 11:15 a.m. · 2 views

CVE-2024-5194

A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoctable.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been...

CVSS 7.2 · AI score 5.6 · EPSS 0.03614
Exploits: 0 · References: 4

OSV
added 2024/05/16 8:15 a.m. · 3 views

CVE-2024-4965

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated...

CVSS 9.8 · AI score 5.6 · EPSS 0.02853
Exploits: 0 · References: 5

VulnCheck KEV
added 2024/05/16 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2023-50358

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network...

CVSS 5.8 · AI score 5.9 · EPSS 0.12769
Exploits: 1 · References: 1

CNNVD
added 2024/05/16 12:0 a.m. · 1 view

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs versions prior to 9.5 that stems from incorrect neutralization of special elements used in operating system commands, allowi...

CVSS 8.4 · AI score 8 · EPSS 0.01321
Exploits: 1 · References: 3