CVE-2021-20141

An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controllerserver service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet t...

CVE-2021-20142

An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controllerserver service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet t...

CVE-2021-20140

An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controllerserver service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet t...

CVE-2019-6288

Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCUSHELL URI...

CVE-2021-36380

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi...

CVE-2021-38528

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56...

CVE-2021-38530

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 befo...

CVE-2020-7388 Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing

Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

Backdoor.Win32.Zombam.l Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9729e9fc004ea49d3c2ddee28736dae3B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.l Vulnerability: Unauthenticated URL Command Injection Description: Zombam...

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

CVE-2020-27227

An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowin...

CVE-2020-27227

OpenClinic GA 5.173.3 is affected by an unauthenticated command injection. TALOS-2020-1203 documents that specially crafted requests to the server (notably POST to /openclinic/util/shell.jsp with parameters such as c=whoami) can execute commands, potentially exfiltrating the database and credenti...

CVE-2021-29077

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12,...

CVE-2021-29079

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12...

CVE-2021-20198

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this...

CVE-2019-25024

OpenRepeater (ORP) prior to 2.2 is affected by an unauthenticated command-injection vulnerability. The issue arises from unsafely handling shell metacharacters in the functions/ajax_system.php post_service parameter, enabling arbitrary command execution on the vulnerable system. Reported across m...

Selea Targa IP OCR-ANPR Camera Remote Code Execution

!/bin/bash Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa 512 Targa 504 Targa Semplice Targa 704 TKM Targa 805 Targa 710 INOX Targa 750 Targa 704 ILB Firmware: BLD201113005214...

Terramaster TOS < 4.2.07 Multiple Vulnerabilities - Active Check

Terramaster TOS is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-35797

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker...

CVE-2020-35798

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26,...