CVE-2023-51019

TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi...

CVE-2023-51015

TOTOLINX EX1800T v9.1.0cu.2112B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi...

CVE-2023-51126

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 Jan 2023 the FLIR AX8 should no longer be affected by the...

CVE-2023-51023

TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to arbitrary command execution in the ‘hosttime’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi...

CVE-2023-6078

An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution...

CVE-2023-24333

A stack overflow vulnerability in Tenda AC21 with firmware version USAC21V1.0reV16.03.08.15cnTDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi...

CVE-2023-46683

A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated...

CVE-2023-39544

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command...

CVE-2023-26286

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421...

CVE-2023-35019

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873...

CVE-2023-51034

TOTOlink EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface...

CVE-2023-49695

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product...

CVE-2023-43608

A data integrity vulnerability exists in the BRNOCHECKHASHFOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder...

CVE-2023-48886

A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request...

CVE-2023-43207

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function configuploadhandler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter...

CVE-2023-41149

F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running...

CVE-2023-40193

Deco M4 firmware versions prior to 'Deco M4JPV21.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands...

CVE-2023-39944

OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request...

CVE-2023-3991

An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2023-39455

OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all...