15 matches found
EUVD-2026-13037
OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution...
CVE-2021-47781 Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC)
Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console emulator's buffer...
The vulnerability of the sync_time() function in the router_command.sh script of Quantenna’s Wi-Fi chip microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the synctime function in the routercommand.sh script of Quantenna’s Wi-Fi chip microprogramming software is related to the implementation or modification of arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
The vulnerability of the get_file_from_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s software allows a hacker to execute arbitrary commands.
The vulnerability of the getfilefromqtn function in the routercommand.sh script of the Quantenna Wi-Fi chip’s microprogramming system is related to the implementation or modification of arguments. Exploiting this vulnerability could allow a perpetrator to execute arbitrary commands...
CVE-2025-32459 ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the synctime argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...
CVE-2025-32458 ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the getsyslogfromqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
Quantenna Communications Quantenna Wi-Fi chipset 安全漏洞
Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the synctime parameter of the...
Quantenna Communications Quantenna Wi-Fi chipset 安全漏洞
Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the getsyslogfromqtn parameter in the...
The vulnerability in the cmd.cgi script of Netgear WNR854T router software allows a hacker to execute arbitrary commands.
The vulnerability in the cmd.cgi script of Netgear WNR854T router microprogramming software relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-38886
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script...
SAMSUNG sww-3400rw 跨站脚本漏洞
The SAMSUNG sww-3400rw Router is a wireless router from Samsung South Korea. The SAMSUNG sww-3400rw suffers from a cross-site scripting vulnerability that originates from cross-site scripting via the m2 parameter of sess-bin/command.cgi...
VulnCheck KEV: CVE-2020-24581
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It contains an executecmd.cgi feature that is not reachable via the web user interface that lets an authenticated user execute Operating System commands...
The vulnerability of the “cgi-bin/execute_cmd.cgi” implementation of D-Link DSL-2888A router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the “cgi-bin/executecmd.cgi” implementation of D-Link DSL-2888A router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute...
DEBIAN-CVE-2012-1115
A Cross-Site Scripting XSS vulnerability exists in LDAP Account Manager LAM Pro 3.6 in the export, addvalueform, and dn parameters to cmd.php...
DEBIAN-CVE-2006-6799
SQL injection vulnerability in Cacti 0.8.6i and earlier, when registerargcargv is enabled, allows remote attackers to execute arbitrary SQL commands via the 1 second or 2 third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are...