19628 matches found

BDU FSTEC
added 2024/09/16 12:00 a.m. · 4 views

A vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN devices allows an attacker to execute arbitrary commands.

The vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN network devices exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 9 · AI score 6.2 · EPSS 0.01339
Exploits 0 · References 2 · Affected Software 4

CNVD
added 2024/09/11 12:00 a.m. · 2 views

QNAP QTS and QuTS hero OS command injection vulnerability (CNVD-2025-27829)

QNAP QTS is a NAS operating system developed by QNAP Systems, Inc., designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its NAS network storage devices, which ...

CVSS 7.2 · AI score 7.7 · EPSS 0.01073
Exploits 0 · References 1

BDU FSTEC
added 2024/09/11 12:00 a.m. · 4 views

A vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN network devices stems from a failure to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.

The vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN devices is caused by a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 9 · AI score 6.2 · EPSS 0.01339
Exploits 0 · References 4 · Affected Software 4

OSV
added 2024/09/10 4:15 p.m. · 4 views

CVE-2023-36103

Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request...

CVSS 9.8 · AI score 6 · EPSS 0.01436
Exploits 1 · References 1

ATTACKERKB
added 2024/09/10 4:15 p.m. · 9 views

CVE-2023-36103

Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request...

CVSS 9.8 · AI score 6 · EPSS 0.01436
Exploits 1 · References 2

OSV
added 2024/09/10 9:15 a.m. · 5 views

CVE-2024-43386

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAILNOTIFICATION.TO in mGuard devices...

CVSS 8.8 · AI score 6 · EPSS 0.0074
Exploits 0 · References 1

Positive Technologies
added 2024/09/10 12:00 a.m. · 5 views

PT-2024-30546 · Mguard · Mguard

Name of the Vulnerable Software and Affected Versions: mGuard devices (affected versions not specified)

Description: A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL NOTIFICATION.TO...

CVSS 8.8 · AI score 7.7 · EPSS 0.0074
Exploits 0 · References 10

BDU FSTEC
added 2024/09/10 12:00 a.m. · 4 views

A vulnerability in the firmware of Mitel 6800, 6900, 6970, and 6900w phones allows arguments to be injected or modified, enabling an attacker to execute arbitrary commands.

The vulnerability in the firmware of Mitel 6800, 6900, 6970, and 6900w series SIP phones is related to the injection or modification of arguments. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 7.7 · AI score 8.4 · EPSS 0.4161
Exploits 3 · References 4

NVD
added 2024/09/09 6:15 p.m. · 13 views

CVE-2024-44335

D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via versionupgrade.asp...

CVSS 8.8 · EPSS 0.12441
Exploits 0 · References 2

NVD
added 2024/09/09 6:15 p.m. · 11 views

CVE-2024-44334

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgradefilter.asp...

CVSS 8.8 · EPSS 0.31751
Exploits 0 · References 2

NVD
added 2024/09/09 5:15 p.m. · 13 views

CVE-2024-44333

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious...

CVSS 8.8 · EPSS 0.12441
Exploits 0 · References 2

CVE
added 2024/09/09 12:00 a.m. · 45 views

CVE-2024-44335

Affected devices: D-Link DI-7003G (v19.12.24A1), DI-7003GV2 (v24.04.18D1), DI-7100G+V2 (v24.04.18D1), DI-7100GV2 (v24.04.18D1), DI-7200GV2 (v24.04.18E1), DI-7300G+V2 (v24.04.18D1), and DI-7400G+V2 (v24.04.18D1). RedHat and NVD descriptions confirm a Remote Command Execution (RCE) vulnerability vi...

CVSS 8.8 · AI score 7.5 · EPSS 0.12441
Exploits 0 · References 2

Vulnrichment
added 2024/09/09 12:00 a.m. · 9 views

CVE-2024-44334

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgradefilter.asp...

AI score 7.2 · EPSS 0.31751
Exploits 0 · References 2

Cvelist
added 2024/09/09 12:00 a.m. · 60 views

CVE-2024-44334

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgradefilter.asp...

EPSS 0.31751
Exploits 0 · References 2

Vulnrichment
added 2024/09/09 12:00 a.m. · 10 views

CVE-2024-44335

D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via versionupgrade.asp...

AI score 7.2 · EPSS 0.12441
Exploits 0 · References 2

Positive Technologies
added 2024/09/09 12:00 a.m. · 4 views

PT-2024-6438 · D Link · Di-7200Gv2 +4

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1; D-Link DI-7100G+V2 version 24.04.18D1; D-Link DI-7100GV2 version 24.04.18D1; D-Link DI-7200GV2 version 24.04.18E1; D-Link DI-7300G+V2 version 24.04.18D1; D-Link DI-7400G+V2 version 24.04.18D1

Description: The...

CVSS 8.8 · AI score 8.5 · EPSS 0.12441
Exploits 0 · References 7

CVE
added 2024/09/09 12:00 a.m. · 43 views

CVE-2024-44333

CVE-2024-44333 affects multiple D-Link routers (DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, DI-7400G+V2). The issue is a Remote Command Execution in the CGI handling usb_paswd.asp, caused by insufficient input handling in that function. An attacker can send a crafted string to e...

CVSS 8.8 · AI score 7.5 · EPSS 0.12441
Exploits 0 · References 2

Vulnrichment
added 2024/09/09 12:00 a.m. · 10 views

CVE-2024-44333

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious...

AI score 7.4 · EPSS 0.12441
Exploits 0 · References 2

Positive Technologies
added 2024/09/09 12:00 a.m. · 3 views

PT-2024-6519 · D Link · Di-7200Gv2 +5

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003G version 19.12.24A1; D-Link DI-7003GV2 version 24.04.18D1; D-Link DI-7100G+V2 version 24.04.18D1; D-Link DI-7100GV2 version 24.04.18D1; D-Link DI-7200GV2 version 24.04.18E1; D-Link DI-7300G+V2 version 24.04.18D1; D-Link DI-7400G+V2...

CVSS 8.8 · AI score 8.2 · EPSS 0.12441
Exploits 0 · References 5

Positive Technologies
added 2024/09/09 12:00 a.m. · 11 views

PT-2024-6387 · Zyxel · Zyxel Nas326 +1

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.18C0; Zyxel NAS542 versions through V5.21ABAG.15C0

Description: A command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 firmware could allow an unauthenticated attacker to...

CVSS 9.8 · AI score 8.4 · EPSS 0.02064
Exploits 0 · References 33