7638 matches found
CVE-2022-28494
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-28497
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the mtdwritebootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2020-19786
File upload vulnerability in CSKaza CSZ CMS v.1.2.2, fixed in v1.2.4, allows an attacker to execute arbitrary commands and code via a crafted PHP file...
NETGEAR RBR750 dev_name Parameter Command Injection Vulnerability
The NETGEAR RBR750 is a home WiFi system from NETGEAR. The NETGEAR RBR750 version 4.6.8.5 suffers from a command injection vulnerability that stems from the devname parameter failing to properly filter constructed command special characters, commands, and so on. An attacker could exploit this...
NETGEAR RBR750 Command Injection Vulnerability
The NETGEAR RBR750 is a home WiFi system from NETGEAR. The NETGEAR RBR750 version 4.6.8.5 suffers from a command injection vulnerability that stems from a failure to properly filter constructed command special characters, commands, etc. in the hidden telnet service feature. An attacker could...
Ubuntu: Security Advisory (USN-5968-1)
The remote host is missing an update for the...
CVE-2022-38452
A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
Command injection
A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Command injection
A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution
Christopher McBee and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered four vulnerabilities in the Netgear Orbi mesh wireless system, including the main hub router and satellite routers that extend the network's range. A mesh system allows users to set...
CVE-2022-37337
A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2022-36429
A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability...
NETGEAR RBR750 Security Vulnerability
The NETGEAR RBR750 is a home WiFi system from NETGEAR. The NETGEAR RBR750 version 4.6.8.5 suffers from a command injection vulnerability that stems from a failure to properly filter constructed command special characters, commands, etc. in the hidden telnet service feature. An attacker could...
CBL Mariner 2.0 Security Update: ctags (CVE-2022-4515)
The version of ctags installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4515 advisory. - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag filenam...
CVE-2023-28617
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...
Tenda AX3 Command Injection Vulnerability (CNVD-2023-21670)
The Tenda AX3 is an AX1800 Gigabit Port Dual Band WiFi 6 Wireless Router from Tenda China. Tenda AX3 V16.03.12.11 suffers from a command injection vulnerability that stems from the lanip parameter of /goform/AdvSetLanip failing to correctly filter constructed command special characters, commands,...