7631 matches found
CVE-2023-51033
TOTOlink EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface...
CVE-2023-37777
A SQL injection vulnerability exists in Synnefo Internet Management Software IMS version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter allowing an attacker to manipulate SQL queries via crafted input. Successful exploitation coul...
CVE-2023-24671
VX Search v13.8 and v14.7 were discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file...
CVE-2023-24583
Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injectio...
CVE-2023-24157
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2023-24762
OS Command injection vulnerability in D-Link DIR-867 DIR867FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1...
CVE-2022-25134
A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3Firmware T6V3V4.1.5cu.748B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2022-43486
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices...
CVE-2022-28491
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-28583
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU v7.4cu.2313b20191024 router, which allows an attacker to execute arbitrary commands through a carefully constructed payload...
CVE-2022-40176
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
CVE-2022-48074
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file...
CVE-2022-44000
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...
CVE-2022-25809
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill in the case of remote attackers or by pairing a malicious Bluetooth device in the case of physically proximate attackers, aka...
CVE-2022-25084
TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25075
TOTOLink A3000RU V5.9c.2280B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25078
TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
A vulnerability in the SSH-server software solution for monitoring the status of B&R APROL industrial systems allows an intruder to execute arbitrary commands.
A vulnerability in the SSH-server software solution for monitoring the status of B&R APROL industrial systems is related to the inclusion of functionality from an untrusted control sphere. Exploiting this vulnerability could allow a perpetrator to execute arbitrary commands...
A vulnerability in the “kiosk” mode of the redos-kiosk-utils package of the RED OS operating system allows an intruder to execute arbitrary commands.
The vulnerability of the “kiosk” mode in the redos-kiosk-utils package of the RED OS operating system is related to deficiencies in restricting the loading of files of a dangerous type. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
A vulnerability in the formSysCmd function in the firmware of the D-Link DIR-600L router allows a hacker to execute arbitrary commands.
A vulnerability in the formSysCmd function in the firmware of the D-Link DIR-600L router is related to the lack of measures to sanitize data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the host parameter...