CVE-2024-3871 Authenticated Remote Command Injection in Delta Electronics DVW

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers t...

Delta Electronics DVW-W02W2-E2 安全漏洞

Delta Electronics DVW-W02W2-E2 is an industrial wireless networking solution from Delta Electronics China. A security vulnerability exists in Delta Electronics DVW-W02W2-E2 version 2.5.2 and earlier, which stems from the presence of a command injection and stack overflow that allows a remote,...

PT-2024-11933 · Welotec · Tk515L +13

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker with low privileges can perform a command injection, potentially leading to root access. Recommendations: At the moment, there is no...

VulnCheck KEV: CVE-2024-13985

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

PT-2024-6464 · D Link · D-Link Dns-321 +16

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions up to 20240814...

PT-2024-6465 · D Link · D-Link Dns-321 +16

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions up to 20240814...

VulnCheck KEV: CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

CVE-2024-3009

A vulnerability has been found in Tenda FH1205 2.0.0.7775 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit h...

CVE-2024-3009

A vulnerability has been found in Tenda FH1205 2.0.0.7775 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit h...

CVE-2024-3009

CVE-2024-3009 affects Tenda FH1205 firmware v2.0.0.7(775). The vulnerability lies in the function formWriteFacMac in the file /goform/WriteFacMac, where manipulating the mac argument leads to command injection. This can be triggered remotely over a network with no user interaction, and public exp...

CVE-2024-2991

A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been...

CVE-2024-2910

A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itboxpi/vpnquicksetservice.php?a=setvpn of the component HTTP POST Request Handler. The manipulation of the argument...

CVE-2024-2910

A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itboxpi/vpnquicksetservice.php?a=setvpn of the component HTTP POST Request Handler. The manipulation of the argument...

CVE-2024-2853

A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The...

CVE-2024-2851

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely...

CVE-2024-2812

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The...

CVE-2024-2707

A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has...

CVE-2024-2642

CVE-2024-2642 concerns Ruijie RG-NBS2009G-P devices (up to 20240305). Affected component: the /EXCU_SHELL file, where improper handling of the Command1 argument enables remote command injection. Sources across multiple documents confirm this vulnerability and indicate that the exploit has been pu...

PT-2024-2496 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: A critical issue is present in the Tenda AC7 router's software, related to the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the mac argument leads to os command...

PT-2024-2394 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10U versions 15.03.06.48 through 15.03.06.49 Description: A critical issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may b...