CVE-2023-23356

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...

CVE-2023-2522

A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sendorder.cgi?parameter=accessdetect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an...

CVE-2023-20219

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...

CVE-2022-30105

In Belkin N300 Firmware 1.00.08, the script located at /settinghidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the form name form; list vulnerable parameters, are not properly sanitize...

CVE-2022-29516

The web console of FUJITSU Network IPCOM series IPCOM EX2 IN3200, 3500, IPCOM EX2 LB1100, 3200, 3500, IPCOM EX2 SC1100, 3200, 3500, IPCOM EX2 NW1100, 3200, 3500, IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN2300, 2500, 2700, IPCOM EX LB1100, 1300, 2300, 2500, 2700, IPCOM EX SC1100, 1300, 2300, 2500,...

CVE-2022-23661

A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...

CVE-2022-24553

An issue was found in Zfaka = 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution...

CVE-2022-28076

Seacms v11.6 was discovered to contain a remote command execution RCE vulnerability via the Mail Server Settings...

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...

CVE-2022-37780

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution RCE vulnerability via the pingAddr parameter of the tracert function...

CVE-2022-37880

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

CVE-2022-46552

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution RCE vulnerability via the lan0dhcpsstaticlist parameter. This vulnerability is exploited via a crafted POST request...

CVE-2022-43946

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

CVE-2022-25441

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution RCE vulnerability via the vlanid parameter in the SetIPTVCfg function...

CVE-2022-25438

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution RCE vulnerability via the SetIPTVCfg function...

CVE-2022-25390

DCN Firewall DCME-520 was discovered to contain a remote command execution RCE vulnerability via the host parameter in the file /system/tool/ping.php...

CVE-2022-24630

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...