78 matches found
CVE-2025-67038
Summary: CVE-2025-67038 affects Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module concatenates the username into a shell command used for logging on authentication failures, allowing injection of arbitrary OS commands with root privileges. Multiple sources (NVD, Red Hat, CISA KEV, CNNVD) describe ...
CVE-2025-67038
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...
CVE-2024-55020
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges...
PT-2025-47891
CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers CVE-2025-13207, CVE-2024-24481 https://t.co/ZUXQixklyd...
CVE-2022-50596
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within...
CVE-2025-41699
Phoenix Contact CHARX SEC-3xxx charging controllers are affected by CVE-2025-41699. The vulnerability is a code injection (CWE-94) that an attacker with a low-privileged remote account for the Web-based management can exploit to change system configuration and perform a root command injection, co...
EUVD-2017-15291
Malware in sbrugna...
EUVD-2025-31217
Malicious code in bioql PyPI...
EUVD-2025-31180
Malicious code in bioql PyPI...
CVE-2025-35027
Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...
CVE-2025-60017
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...
CVE-2025-60017
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...
CVE-2025-60017
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...
CVE-2025-60017
CVE-2025-60017 affects Unitree Go2, G1, H1 and B2 devices through 2025-09-20. The root cause is a command injection in the hostapd_restart.sh flow, triggered by crafted values for wifi_ssid or wifi_pass used by restart_wifi_ap and restart_wifi_sta. This leads to potential root-level command execu...
CVE-2025-41684 Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint tlsiotgensetting...
CVE-2025-41684
An authenticated remote attacker can execute arbitrary commands with root privileges via the tls_iotgen_setting endpoint in the Main Web Interface of affected Apache IoT devices. Root cause is improper sanitizing of user input, enabling command injection. Impact is full control of the device at r...
CVE-2025-41683 Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint eventmailtest...
CVE-2025-41683 Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint eventmailtest...
CVE-2023-23295
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root...
CVE-2022-36309
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models...