81 matches found
CVE-2023-29915
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm...
CVE-2023-29915
The CVE-2023-29915 issue affects H3C Magic R200 (version R200V100R004 ). The vulnerability is a stack overflow triggered via the CMD parameter at the API endpoint /goform/aspForm . CVSS shows a Medium severity (4.9) with network access, low attack complexity, and high impact to availability, whil...
PT-2023-22472 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the CMD parameter at the "/goform/aspForm" API endpoint. Recommendations: For H3C Magic R200 version R200V100R004, consider disabling access to the...
CVE-2023-29915
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm...
CVE-2022-4232
A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to...
CVE-2022-30909
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...
CVE-2022-30909
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...
Stack overflow
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...
CVE-2022-30909
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...
CVE-2022-29337
C-DATA FD702XW-X-R430 v2.1.13X001 was discovered to contain a command injection vulnerability via the vacmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request...
PT-2022-19551 · Unknown · C-Data Fd702Xw-X-R430
Name of the Vulnerable Software and Affected Versions: C-DATA FD702XW-X-R430 version 2.1.13 X001 Description: A command injection issue was discovered, allowing attackers to execute arbitrary commands via a crafted HTTP request. This is achieved through the va cmd parameter in the formlanipv6...
The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software is related to incorrect processing of the cmd parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands using a specially created POST request...
CVE-2021-46441
CVE-2021-46441 affects D-Link DIR-825 G1 firmware with the webupg binary. The vulnerability arises from a lack of parameter verification, allowing an attacker who has obtained authorization to supply cmd parameters that execute arbitrary system commands. Connected advisories corroborate a command...
D-Link DI-7200G Command Injection Vulnerability (CNVD-2022-15181)
D-Link Di-7200G is a gigabit enterprise router from China Youxun D-Link. D-Link DI-7200GV2.E1 v21.04.09E1 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the cmd parameter...
CVE-2021-46233
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function mspinfo.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter...
CVE-2021-46233
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function mspinfo.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter...
CVE-2021-46233
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function mspinfo.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter...
VulnCheck KEV: CVE-2020-9377
D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php...
CVE-2020-9377
D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
ZyXEL ZyWALL USG Cross-Site Request Forgery Vulnerability
ZyXEL ZyWALL USG is a network security firewall appliance from Hopkins ZyXEL Technology. A cross-site request forgery vulnerability exists in ZyXEL ZyWALL USG version 2.12 AQQ.2 and 3.30 AQQ.7. A remote attacker can exploit this vulnerability by adding user accounts with the help of the 'cmd'...