CVE-2019-6013

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface CLI...

CVE-2019-6014

DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface...

Design/Logic Flaw

DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface...

CVE-2019-6013

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface CLI...

CVE-2019-6014

The CVE-2019-6014 vulnerability affects the D-Link DBA-1510P, specifically in the Web User Interface. The root cause is an OS command injection flaw in the Web UI (and related CLI issue for CVE-2019-6013) that allows an attacker to execute arbitrary commands on the device. Impact is execution of ...

CVE-2019-6013

CVE-2019-6013 affects D-Link DBA-1510P firmware 1.70b009 and earlier. The vulnerability is an OS command injection in the Command Line Interface (CLI) that can be exploited by an authenticated user to execute arbitrary OS commands on the device. Exploitation would compromise confidentiality, inte...

Exploit for OS Command Injection in Webmin

webminex poc exploit for webmin...

DLINK DWL-2600 Authenticated Remote Command Injection

Some DLINK Access Points are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DLIN...

Command injection

An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the getset.ccp lanHostCfgHostName1.1.1.0.0 parameter...

CVE-2019-11399

The CVE-2019-11399 issue affects TRENDnet TEW-651BR (2.04B1), TEW-652BRP (3.04b01), and TEW-652BRU (1.00b12). It is an OS command injection in get_set.ccp via the lanHostCfg_HostName_1.1.1.0.0 parameter. Impact details in the provided metrics indicate high severity with potential confidentiality,...

CVE-2019-18830

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'donglebridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code...

CVE-2019-18830

Barco ClickShare Button R9861500D01 devices before firmware 1.9.0 are affected by an OS command injection in the embedded dongle_bridge component that exposes ClickShare Button functionality to a USB host. This vulnerability can lead to code execution with the privileges of user 'nobody'. Remedia...

CVE-2019-18830

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'donglebridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code...

VulnCheck KEV: CVE-2019-16072

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...

Exploit for OS Command Injection in Netis-Systems Wf2419_Firmware

NETIS router WF2419 RCE CVE-2019-19356 Context The vul...

Amazon Blink XT2 Sync Module OS Command Injection Vulnerability (CNVD-2020-09703)

Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...

Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Author: LiquidWorm Product web page: https://www.inim.biz Link:...

CVE-2019-17270

Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers disclos...

CVE-2019-17270

CVE-2019-17270 affects Yachtcontrol Webapplication 1.0. It enables unauthenticated remote command execution via /pages/systemcall.php?command={COMMAND}, allowing arbitrary OS commands and exposure of command output on affected Yachtcontrol webservers exposed to Dutch GPRS/4G ranges. The issue ari...

Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution

Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Version: 6.x Advisory ID: ZSL-2019-55...