A vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN devices allows an attacker to execute arbitrary commands.
A vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN network devices exists due to a lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
QNAP QTS and QuTS hero OS command injection vulnerability (CNVD-2025-27829)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. for network-attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...
A vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN network devices stems from a lack of measures to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
A vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN devices is related to a lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
CVE-2023-36103
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request...
CVE-2024-43386
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAILNOTIFICATION.TO in mGuard devices...
PT-2024-30546 · Mguard · Mguard
Name of the Vulnerable Software and Affected Versions: mGuard devices (affected versions not specified). Description: A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL NOTIFICATION.TO...
A vulnerability in the firmware of Mitel 6800, 6900, 6970, and 6900w phones allows arguments to be inserted or modified, enabling an attacker to execute arbitrary commands.
A vulnerability in the firmware of Mitel 6800, 6900, 6970, and 6900w series SIP phones is related to the injection or modification of arguments. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-44335
D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via versionupgrade.asp...
CVE-2024-44334
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgradefilter.asp...
CVE-2024-44333
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious...
CVE-2024-44335
Affected devices: D-Link DI-7003G (v19.12.24A1), DI-7003GV2 (v24.04.18D1), DI-7100G+V2 (v24.04.18D1), DI-7100GV2 (v24.04.18D1), DI-7200GV2 (v24.04.18E1), DI-7300G+V2 (v24.04.18D1), and DI-7400G+V2 (v24.04.18D1). RedHat and NVD descriptions confirm a Remote Command Execution (RCE) vulnerability vi...
PT-2024-6438 · D Link · Di-7200Gv2 +4
Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1; D-Link DI-7100G+V2 version 24.04.18D1; D-Link DI-7100GV2 version 24.04.18D1; D-Link DI-7200GV2 version 24.04.18E1; D-Link DI-7300G+V2 version 24.04.18D1; D-Link DI-7400G+V2 version 24.04.18D1. Description: The...
CVE-2024-44333
CVE-2024-44333 affects multiple D-Link routers (DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, DI-7400G+V2). The issue is a Remote Command Execution in the CGI handling usb_paswd.asp, caused by insufficient input handling in that function. An attacker can send a crafted string to e...
PT-2024-6519 · D Link · Di-7200Gv2 +5
Name of the Vulnerable Software and Affected Versions: D-Link DI-7003G version 19.12.24A1; D-Link DI-7003GV2 version 24.04.18D1; D-Link DI-7100G+V2 version 24.04.18D1; D-Link DI-7100GV2 version 24.04.18D1; D-Link DI-7200GV2 version 24.04.18E1; D-Link DI-7300G+V2 version 24.04.18D1; D-Link DI-7400G+V2...
PT-2024-6387 · Zyxel · Zyxel Nas326 +1
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.18C0; Zyxel NAS542 versions through V5.21ABAG.15C0. Description: A command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 firmware could allow an unauthenticated attacker to...