459 matches found
CVE-2025-23052 Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface
Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system...
PT-2025-2310 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A command execution issue exists in the adm.cgi set TR069 functionality. This allows an attacker to execute arbitrary commands by sending a specially crafted HTTP request. The vulnerabili...
Hewlett Packard Enterprise ArubaOS 安全漏洞
Hewlett Packard Enterprise ArubaOS HPE ArubaOS is a networked wireless operating system from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS that stems from an authenticated command injection vulnerability that can be successfully exploited to all...
CVE-2024-43649 Authenticated command injection via <redacted>.exe <redacted> parameter
Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur...
CVE-2024-43649 Authenticated command injection via <redacted>.exe <redacted> parameter
Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur...
CVE-2024-43650 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects firmware versions before 24120701. Likelihood: Moderate – The binary does not seem to be used by the web...
ABB Cylon Aspect 3.08.02 (uploadDb.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated...
iocharger 安全漏洞
iocharger is an electric vehicle charging and smart energy management solution from Galaxy Zhangtan iocharger, a Chinese company. A security vulnerability exists in versions prior to iocharger 24120701, which stems from the presence of authenticated command injection that can lead to the executio...
VulnCheck KEV: CVE-2021-40407
Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality...
VulnCheck KEV: CVE-2020-25206
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending...
CVE-2024-55544
Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below...
CVE-2024-55544 Authenticated Command Injection
Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below...
GO-2024-3267 Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy
Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GHSA-7HPF-G48V-HW3J Zoraxy has an authenticated command injection in the Web SSH feature
Summary A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...
Zoraxy has an authenticated command injection in the Web SSH feature
Summary A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...
CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2024-35522
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operatingmode.cgi via the apmode parameter with ap24gmanual set to 1 and ap24gmanualsec set to NotNone...
CVE-2024-35522
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operatingmode.cgi via the apmode parameter with ap24gmanual set to 1 and ap24gmanualsec set to NotNone...
CVE-2024-46658
Syrotech SY-GOPON-8OLT-L3 v1.6.0240629 was discovered to contain an authenticated command injection vulnerability...
CVE-2024-46658
Syrotech SY-GOPON-8OLT-L3 v1.6.0240629 was discovered to contain an authenticated command injection vulnerability...