Lucene search
K

183 matches found

Prion
Prion
added 2024/02/14 11:15 a.m.15 views

Command injection

Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product...

7.8AI score0.01176EPSS
Exploits0References3
NVD
NVD
added 2024/01/26 5:15 a.m.24 views

CVE-2023-38318

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.8CVSS9.7AI score0.01096EPSS
Exploits1References4
Prion
Prion
added 2024/01/24 5:15 a.m.16 views

Command injection

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or...

4.7CVSS7.5AI score0.00321EPSS
Exploits0References2Affected Software5
Cvelist
Cvelist
added 2024/01/24 4:35 a.m.35 views

CVE-2024-22366

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or...

7AI score0.00321EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/12/06 12:0 a.m.16 views

CVE-2023-49897

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product. Recent assessments: Assessed Attacke...

8.8CVSS7.6AI score0.50729EPSS
In wildExploits1References5
Cvelist
Cvelist
added 2023/11/16 6:46 a.m.22 views

CVE-2023-43752

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request...

8.2AI score0.00999EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/03 12:12 a.m.7 views

CVE-2023-39222

OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows:...

7.6AI score0.01286EPSS
Exploits0References2
NVD
NVD
added 2023/09/06 10:15 a.m.24 views

CVE-2023-32619

Archer C50 firmware versions prior to 'Archer C50JPV3230505' and Archer C55 firmware versions prior to 'Archer C55JPV1230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command...

8.8CVSS8.8AI score0.00344EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/09/06 9:24 a.m.19 views

CVE-2023-37284

Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20JPV1230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication...

7.7AI score0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/06 9:24 a.m.29 views

CVE-2023-37284

Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20JPV1230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication...

9.1AI score0.00357EPSS
Exploits0References2
NVD
NVD
added 2023/08/23 3:15 a.m.11 views

CVE-2023-38585

Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series a...

8.8CVSS8.8AI score0.00775EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/23 2:51 a.m.24 views

CVE-2023-40158

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and...

8.8AI score0.00928EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/23 2:51 a.m.17 views

CVE-2023-38585

Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series a...

8.9AI score0.00775EPSS
Exploits0References3
CVE
CVE
added 2023/08/23 2:51 a.m.78 views

CVE-2023-38585

CVE-2023-38585 affects CBC America DVRs (NR-4H/8H/16H and DR-16F/8F/4F/16H/8H/4H/4M41 etc.). Root cause: improper authentication allowing a remote authenticated attacker to execute arbitrary OS commands or alter settings. Many affected NR/DR series are no longer supported and updates are not prov...

8.8CVSS8.7AI score0.00775EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/08/18 10:15 a.m.22 views

Command injection

OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions,...

7.5CVSS9.6AI score0.01241EPSS
Exploits0References2
Prion
Prion
added 2023/08/18 10:15 a.m.16 views

Command injection

OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all...

6.5CVSS8.8AI score0.01265EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/18 9:43 a.m.21 views

CVE-2023-39944

OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request...

9.1AI score0.01229EPSS
Exploits0References2
NVD
NVD
added 2023/06/13 10:15 a.m.14 views

CVE-2023-30762

Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...

9.8CVSS9.7AI score0.00733EPSS
Exploits0References2
NVD
NVD
added 2023/06/13 10:15 a.m.32 views

CVE-2023-30766

Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...

9.8CVSS9.6AI score0.00703EPSS
Exploits0References2
Prion
Prion
added 2023/06/13 10:15 a.m.15 views

Command injection

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is...

5.1CVSS8.2AI score0.0106EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder