EUVD-2026-25970

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

CVE-2025-35004

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument...

CVE-2025-35010

The CVE-2025-35010 entry concerns Microhard BulletLTE-NA2 and IPn4Gii-NA2 gateway devices. A post-authentication command injection flaw in the AT+MNPINGTM command, caused by improper neutralization of argument delimiters (CWE-88), can lead to privilege escalation. Documents confirm affected compo...

CVE-2024-48825

Tenda AC7 v.15.03.06.44 ateifconfigset has pre-authentication command injection allowing remote attackers to execute arbitrary code...

CVE-2022-37902

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage NAS devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using differe...

CVE-2019-15715

MantisBT (web-based defect tracker) prior to versions 1.3.20 and 2.22.1 is affected by CVE-2019-15715, a Post Authentication Command Injection that leads to Remote Code Execution. The vulnerability requires authentication and can result in high-severity impact (CVE indicates remote code execution...

Imperva SecureSphere 13 - Remote Command Execution

Imperva SecureSphere 13 - Remote Command Execution Title: Imperva SecureSphere 13 - Remote Command Execution Author: rsp3ar Date: 2018-10-08 Vendor: https://www.imperva.com/products/securesphere/ CVE: N/A Version: 13.0.10, 13.1.10, 13.2.10 Tested on: SecureSphere Virtual Appliance Description PWS...

TP-Link TL-WR841N v13 Authentication Command Injection Vulnerability

The TP-Link TL-WR841N v13 is a wireless router device. An authentication command injection vulnerability exists in the TP-Link TL-WR841N v13 ping and traceroute functions. An authenticated attacker can execute arbitrary commands on the router by sending specific CREST HTTP requests to the router...