Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to unsafe execution of Git pre-commit hooks, where cloning a repository containing a malicious hook and later performing a commit via the Git Node can trigger arbitrary command execution within the n8n environment...

TRENDnet TEW-822DRE Command Injection Vulnerability

The TRENDnet TEW-822DRE is a dual-band wireless router from TRENDnet. The TRENDnet TEW-822DRE suffers from a command injection vulnerability that originates from a misuse of the parameter peerPin in the file /boafrm/formWsc, which can be exploited by an attacker to execute arbitrary commands on t...

TRENDnet TEW-800MB Command Injection Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the parameter WizardConfigured in the file /goform/wizardset, which can be exploited by an attacker to execute arbitrary...

n8n Node.js Package 1.x < 2.0.0 Arbitrary Command Execution (N8scape)

The version of the n8n Node.js Package installed on the remote host is 1.x prior to 2.0.0. It is, therefore, affected by an arbitrary command execution vulnerability: - n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in...

CVE-2023-43206

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function webcertdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter...

CVE-2023-31856

A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594B20200910 allows attackers to execute arbitrary commands via a crafted http packet...

CVE-2023-40158

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and...

CVE-2018-18320

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote co...

CVE-2018-19025

In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc...

CVE-2018-4061

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP reque...

CVE-2021-33191

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...

CVE-2021-33731

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-22801

A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software All Versions...

CVE-2022-23329

A vulnerability in $"freemarker.template.utility.Execute"?new of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files...

CVE-2022-33948

HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product...

CVE-2022-26212

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...

CVE-2022-26999

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wanipstat, wanmaskstat, wangwstat, and wandns1stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2022-26211

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the...

CVE-2022-26992

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands...

CVE-2022-35555

A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.94122, which allows attackers to construct cmdinput parameters for arbitrary command execution...