459 matches found
PT-2025-48820
Name of the Vulnerable Software and Affected Versions: AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003. Description: The AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 device contains an authenticated command injection issue within the SMB server function. This allow...
VMware vCenter Server 7.0.x < 7.0 U3v / 8.0.x < 8.0 U3e Authenticated Command Execution (CVE-2025-41225) (VMSA-2025-0010)
The version of VMware vCenter Server installed on the remote host is 7.0.x prior to 7.0 U3v, 8.0.x prior to 8.0 U3e. It is, therefore, affected by a vulnerability as referenced in the VMSA-2025-0010 advisory. - The vCenter Server contains an authenticated command-execution vulnerability...
CVE-2024-44845
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filterstring function...
CVE-2024-44844
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the runcommand function...
CVE-2023-0432
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the device's operating system (OS) in the context of the user "root". If the attacker has credentials for the web service, then the...
CVE-2023-47576
An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface...
CVE-2022-40282
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is...
CVE-2021-20122
The Telus Wi-Fi Hub PRV65B444A-S-TS with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass...
CVE-2020-10173
Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...
CVE-2020-24638
Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system...
CVE-2019-15298
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filin...
CVE-2019-10854
Computrols CBAS 18.0.0 allows Authenticated Command Injection...
Honeywell MB-Secure Command Injection
Honeywell MB-Secure versions 11.04 and up to 12.53 and PRO versions from 01.06 to 03.09 suffer from an authenticated command injection vulnerability. SEC Consult Vulnerability Lab Security Advisory. title: Authenticated Comman...
Authenticated Command Injection
github.com/nrkno/terraform-provider-windns is vulnerable to Authenticated command injection. The vulnerability is due to lack of input sanitization in the windnsrecord resource. Specifically, user-supplied inputs were not properly sanitized before being passed to the underlying PowerShell command...
CVE-2025-20118 Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is du...
CVE-2025-20117 Cisco Application Policy Infrastructure Controller Authenticated Command Injection Vulnerability
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due t...
CVE-2022-37912
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
CVE-2024-42502
An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system...
CVE-2025-23052
CVE-2025-23052 describes an authenticated command injection vulnerability in the CLI of Hewlett Packard Enterprise ArubaOS network management service. The issue allows an authenticated attacker with high privileges to execute arbitrary commands as the underlying OS user. The initial documents ind...
CVE-2025-23052 Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface
Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system...