9814 matches found
CVE-2022-26007
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-29539
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software e.g.,...
Command injection
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software e.g.,...
CVE-2022-29539
RESI Gemini-Net 4.2 is affected by an OS command injection in the resi-calltrace component caused by insufficient input validation. An unauthenticated attacker can bypass the software’s input parsing and inject arbitrary system commands with the privileges of the application user, by manipulating...
EUVD-2022-33875
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software e.g.,...
CVE-2022-30525
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...
CVE-2022-30525
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...
CVE-2022-30525
CVE-2022-30525 is an OS command injection in Zyxel firewall CGI (Zero Touch Provisioning) that allows remote, unauthenticated code execution via /ztp/cgi-bin/handler (nobody user). Affected: USG FLEX series (5.00–5.21 Patch 1), USG FLEX 50W/USG20(W)-VPN (5.10–5.21 Patch 1), ATP series (5.10–5.21 ...
CVE-2022-30525
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...
Cambium Networks cnMaestro
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Cambium Networks Equipment: cnMaestro Vulnerabilities: OS Command Injection, SQL Injection, Path Traversal, Use of Potentially Dangerous Function 2. RISK EVALUATION Successful exploitation of these...
Tenda HG6 v3.3.0 - Remote Command Injection
Exploit Title: Tenda HG6 v3.3.0 - Remote Command Injection Exploit Author: LiquidWorm Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Vendor: Tenda Technology Co.,Ltd. Product web page: https://www.tendacn.com https://www.tendacn.com/product/HG6.html Affected version: Firmware version:...
InHand Networks InRouter302 console infactory_port OS command injection vulnerability
Summary An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Test...
InHand Networks InRouter302 httpd wlscan_ASP OS command injection vulnerability
Summary An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
InHand Networks InRouter302 console factory OS command injection vulnerability
Summary An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHand...
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to OS command injection (CVE-2022-22454)
Summary An OS command injection vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2022-22454 DESCRIPTION: IBM InfoSphere Information Server could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially...
JVN#96561229: Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance. Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below. OS command injection in the web console CWE-78 - CVE-2022-29516 Version| Vector| Score...
Command injection
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route called by doSystemCmd_route...
CVE-2022-29592
CVE-2022-29592 affects Tenda TX9 Pro firmware 22.03.02.10. The vulnerability is an OS command injection in the set_route call (triggered by doSystemCmd_route) that can be exploited by an attacker over the network with no authentication or user interaction. The CVSS data indicates a critical impac...
CVE-2022-29592
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route called by doSystemCmd_route...