CVE-2024-41136

An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2024-48637

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

CVE-2024-57036

TOTOLINK A810R V4.1.2cu.5032B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request...

CVE-2024-57473

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to...

CVE-2024-57480

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs...

CVE-2024-53940

An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling...

CVE-2024-52723

In TOTOLINK X6000R V9.4.0cu.1041B20240224 in the shttpd file, the UciSet Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload...

CVE-2024-6542

Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk = 2.0.0p39, 2.1.0p47, 2.2.0p32 and 2.3.0p11 allows arbitrary livestatus command execution...

CVE-2024-52010

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

CVE-2024-51010

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component apmode.cgi via the apmodegateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51023

D-Link DIR823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51251

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function...

CVE-2024-51299

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function...

CVE-2024-51296

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function...

CVE-2024-51304

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldapsearchdn function...

CVE-2023-39367

An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2023-52038

An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub415C80 function...

CVE-2023-52040

An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub41284C function...

CVE-2023-50147

There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822B20200513...

CVE-2023-49236

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci...