408 matches found
CVE-2018-13418
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter...
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...
CVE-2018-16130
System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...
CVE-2018-13353
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter...
CVE-2018-13354
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter...
CVE-2018-13336
CVE-2018-13336: TerraMaster TOS 3.1.03 contains a system command injection in the Ajax request path ajaxdata.php used during user creation. The vulnerability is exploitable via the pwd parameter, enabling an attacker to execute arbitrary system commands. According to NVD metrics, the issue has a...
CVE-2018-16130
Affected product: Xiaomi Mi Router 3, firmware 2.22.15. Vulnerability: system command injection in the /request_mitv endpoint via the payload URL parameter, allowing an attacker to execute arbitrary commands. Root cause: unsanitized “payload” parameter leading to command execution. Impact: high (...
CVE-2018-14893
CVE-2018-14893 concerns ZyXEL NSA325 V2 (firmware version 4.81) with a command injection vulnerability in the zyshclient component. The flaw permits an attacker to execute system commands via the web application API. Multiple sources (NVD, CVE records, CNVD) describe the same issue, identifying z...
CVE-2018-13354
TerraMaster TOS 3.1.03 is affected by a system command injection in logtable.php exposed via the Event parameter, enabling an attacker to execute arbitrary commands. Multiple sources (NVD, CNVD, OpenVAS, PRION, CVELIST) corroborate that the flaw is reachable remotely (network) with high/critical ...
CVE-2018-13330
TerraMaster TOS 3.1.03 is affected by a system command injection in ajaxdata.php during group creation via the groupname parameter. The vulnerability allows an attacker to execute system commands on the device. Connected advisories (CNVD-2019-00661, NVD CVE-2018-13330, PRION-CVE-2018-13330, OpenV...
CVE-2018-13316
CVE-2018-13316 describes a System command injection in the TOTOLINK A3002RU router (version 1.0.8) via the formAliasIp function, where an attacker can trigger command execution through the POST parameter subnet. The connected CNVD/CVE sources corroborate the model: TOTOLINK A3002RU is affected by...
CVE-2018-13307
TOTOLINK A3002RU (firmware 1.0.8) suffers a system command injection in the fromNtp handler, exploitable via the ntpServerIp2 POST parameter. The vulnerability allows an attacker to execute system commands, with the potential to render the device permanently inoperable. The provided documents do ...
CVE-2018-13023
The connected CNVD entry confirms a concrete vulnerability in Xiaomi Mi Router 3, affecting version 2.22.15, via the wifi_access endpoint. The root cause is a system command injection exploitable through the timeout URL parameter, enabling an attacker to execute arbitrary commands. CVSS info from...
CVE-2018-13353
TerraMaster TOS 3.1.03 contains a command injection vulnerability in ajaxdata.php via the checkport parameter. The issue allows an attacker to execute arbitrary commands, as indicated by CVE-2018-13353 with high severity (CVSS v3.0 base 8.8). The connected documents confirm the affected endpoint ...
CVE-2018-13338
TerraMaster TOS 3.1.03 is affected by a remote command injection in ajaxdata.php during user creation. The vulnerability enables an attacker to execute arbitrary system commands by manipulating the username parameter. This is documented in CVE-2018-13338 and reiterated in multiple checks (NVD ent...
CVE-2018-13314
The connected documents identify a concrete vulnerability: TOTOLINK A3002RU (firmware version 1.0.8) is affected by a system command injection in the formAliasIp function, exploitable via the ipAddr POST parameter. This allows an attacker to execute system commands on the device. The CNVD-2018-26...
CVE-2018-13306
CVE-2018-13306 corresponds to a command injection vulnerability in TOTOLINK A3002RU (firmware version 1.0.8) exploitable via the ftpUser POST parameter in the formDlna component. Multiple sources (NVD, CVE List, CNVD) confirm that an attacker can cause system command execution, with the NVD CVSS ...
CVE-2018-13358
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter...
CVE-2018-13314
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...
CVE-2018-13316
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...