1612 matches found
CVE-2019-13539
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...
CVE-2013-0694
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...
CVE-2016-20016
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...
CVE-2025-44084
D-Link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system...
Asterisk OS Command Injection Vulnerability
Asterisk is open source software for PBX systems that runs on Linux and supports IP calls using the SIP, IAX, and H323 protocols. Asterisk suffers from an operating system command injection vulnerability that stems from a clipermissions.conf configuration failure, which could lead to...
PT-2025-22244 · D Link · D-Link Di-8100
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1 Description: The issue allows an attacker to exploit a Command Injection flaw by crafting specific HTTP requests. This triggers the command execution flaw and can provide the attacker with the highest privile...
CVE-2025-44084
D-Link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system...
Tenda RX2 Pro setLanCfg API Endpoint Input Validation Error Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an input validation error vulnerability that stems from a lack of input validation in the setLanCfg API endpoint, which can be exploited by an attacker to gain root shell access...
CVE-2024-11861
EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access...
CVE-2024-12442
EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access...
CVE-2024-12442 Command injection in EnerSys AMPA versions 24.04 through 24.16, inclusive
EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access...
CVE-2024-11861
The CVE-2024-11861 entry details a command-injection vulnerability in EnerSys AMPA 22.09 and earlier, enabling privileged remote shell access via vulnerable components. Affected software: EnerSys AMPA (versions ≤ 22.09). Root cause: command-injection flaw as described in multiple sources. Impact:...
CVE-2024-11861 Command injection in EnerSys AMPA 22.09 and prior versions
EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access...
PT-2025-20556 · Enersys · Enersys Ampa
Name of the Vulnerable Software and Affected Versions: EnerSys AMPA versions 24.04 through 24.16 Description: The issue allows for command injection, which can lead to privileged remote shell access. Recommendations: For EnerSys AMPA versions 24.04 through 24.16, update to a version that is not...
CVE-2025-46628
Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed...
CVE-2025-46628
Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed...
CVE-2025-32886
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data...
CVE-2025-46628
Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed...
PT-2025-18477 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version A2V1.1.0B05 Description: The issue is related to a command injection in iptablesWebsFilterRun, allowing remote attackers to execute arbitrary commands via the shell. This enables attackers to potentially gain unauthoriz...
Tenda RX2 Pro Security Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an input validation error vulnerability that stems from a lack of input validation in the setLanCfg API endpoint, which can be exploited by an attacker to gain root shell access...