1885 matches found
CVE-2023-29802
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function...
CVE-2023-50989
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function...
CVE-2023-49226
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root...
CVE-2023-45498
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability...
CVE-2023-31528
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroutelist parameter...
CVE-2023-31986
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NSv4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations...
CVE-2018-19031
A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products 360 Safe Router P0,P1,P2,P3,P4, the affected version is V2.0.61.58897...
CVE-2021-41744
All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM Product Life Cycle Management is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the...
CVE-2022-42221
Netgear R6220 v1.1.0.1141.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability...
CVE-2022-31702
vRealize Network Insight vRNI contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication...
CVE-2022-26993
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoeService parameters. This vulnerability allows attackers to execute arbitrary...
CVE-2022-26212
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...
CVE-2022-26186
TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...
CVE-2017-18370
The ZyXEL P660HN-T1A v2 TCLinux Fw 7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP...
CVE-2019-18188
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution RCE. The remote process execution is bound to the IUSR...
CVE-2024-34205
TOTOLINK CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the downloadfirmware function...
CVE-2024-34218
TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter...
CVE-2024-41314
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vifdisable function...
CVE-2024-41318
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcliwpsgenpincode function...
CVE-2024-41320
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the getapcliconninfo function...