CVE-2024-31977

Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility...

CVE-2024-36061

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...

CVE-2024-36060

EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters...

CVE-2024-22065

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands...

CVE-2023-5789

A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input leads to cross site scripting. It is possible to launch the attack remotel...

CVE-2023-3958

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...

CVE-2023-33735

D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution RCE vulnerability via the tomographypingaddress parameter in the /HNAP1 interface...

CVE-2023-31531

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomographypingnumber parameter...

CVE-2023-30065

MitraStar GPT-2741GNAC-N2 with firmware BRg5.91.11WVK.0b32 was discovered to contain a remote code execution RCE vulnerability in the ping function...

CVE-2023-3606

A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2023-24046

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility...

CVE-2023-24519

Two OS command injection vulnerability exist in the vtyshubus toolshexcute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is i...

CVE-2023-32632

A command execution vulnerability exists in the validate.so diagpingstart functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...

CVE-2023-3380

A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit h...

CVE-2023-33381

A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router firmware version ARg5.8110WVN0b72. The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function...

CVE-2023-33272

An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection blind...

CVE-2023-2520

A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049202303031001 and classified as critical. This issue affects some unknown processing of the file cgi-bin/toolsping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection...

CVE-2022-40005

Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute...

CVE-2022-45701

Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution RCE via the ping utility feature...

CVE-2022-1591

The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...