45029 matches found
Ruijie RG-BCR 安全漏洞
Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for actionwireless in the file /usr/lib/lua/luci/control/admin/wireless.lua, which...
PT-2025-50666
Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...
PT-2025-50681
Name of the Vulnerable Software and Affected Versions Ruijie RG-YST EST, YSTAP 3.01B11P280YST250F versions V1.xxV2.xx Description An OS Command Injection issue exists in Ruijie RG-YST EST, YSTAP 3.01B11P280YST250F. Successful exploitation allows attackers to execute arbitrary commands. This is...
CVE-2025-56088
CVE-2025-56088 affects Ruijie RG-BCR RG-BCR860. The vulnerability is an OS command injection caused by unvalidated input in the action_service endpoint at /usr/lib/lua/luci/controller/admin/service.lua, exploitable via a crafted POST request. Impact as described: arbitrary command execution with ...
CVE-2025-65294
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...
CVE-2025-65294
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...
CVE-2024-58284
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...
CVE-2024-58280
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...
CVE-2024-58284 PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...
CVE-2024-58282
CVE-2024-58282 affects Serendipity 2.5.0 via remote code execution through authenticated media uploads. The root cause is improper handling of uploaded PHP files, enabling an authenticated administrator to upload a PHP shell that executes arbitrary commands on the server. Public references note t...
CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...
CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...
CVE-2024-58280
CVE-2024-58280 affects CMSimple 5.15 and enables authenticated remote code execution via the Extensions configuration: an attacker can append ",php" to Extensions_userfiles and upload a PHP shell to the media directory, enabling arbitrary code execution on the server. The available sources confir...
CVE-2025-12946
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...
CVE-2025-41693
A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...
CVE-2025-2296
A flaw was found in EDK2 EFI Development Kit 2. This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access. Mitigation To reduce the risk by disabling direct-boot mode, ensuring a...
CVE-2025-65882
An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function createxoripadopad allowing attackers to potentially write arbitrary files or execute arbitrary commands...
D-Link DCS-930L Command Injection Vulnerability
D-Link DCS-930L is a network camera from China AUO D-Link. The D-Link DCS-930L suffers from a command injection vulnerability that stems from the failure to properly filter construct command special characters, commands, etc. in the parameter AdminID in the file /setSystemAdmin. An attacker can...
PT-2025-50325
Unauthenticated Telnet enablement via cstecgi.cgi auth bypass leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369 B20230113 arbitrary command execution. Earlier versions that share the same implementation, may also be affected...
PT-2025-50529
Name of the Vulnerable Software and Affected Versions CMSimple version 5.15 Description An authenticated attacker can execute commands remotely on the server. This is possible by modifying file extensions and uploading malicious PHP files. Specifically, attackers can append ',php' to Extensions...