CVE-2022-36559

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...

CVE-2022-37779

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution RCE vulnerability via the sendnum parameter of the ping function...

CVE-2022-30705

Cross-Site Request Forgery CSRF vulnerability in Pankaj Jha WordPress Ping Optimizer plugin = 2.35.1.2.3 versions...

CVE-2022-27373

Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution RCE vulnerability via the Ping function...

CVE-2021-43319

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality...

CVE-2021-37388

A buffer overflow in D-Link DIR-615 C2 3.03WW. The pingipaddr parameter in pingresponse.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution...

CVE-2021-28143

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute under System Tools...

CVE-2021-39474

Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device...

CVE-2021-39270

In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur...

CVE-2021-31923

Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation...

CVE-2020-5179

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. In some cases, authentication can be achieved with the comtech password fo...

CVE-2020-9026

ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected...

CVE-2020-8949

Gocloud S2AWL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the...

CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...

CVE-2020-36056

Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.0955 was discovered to contain a cross-site scripting XSS vulnerability via the Ping diagnostic option...

CVE-2019-13564

XSS exists in Ping Identity Agentless Integration Kit before 1.5...

CVE-2019-13562

D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/pingresponse.cgi pingipaddr parameter, the /www/ping6response.cgi ping6ipaddr parameter, and the /www/applysec.cgi htmlresponsereturnpage parameter...

CVE-2019-10969

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution...

CVE-2016-10760

On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the pingipaddr parameter...

CVE-2018-25084

A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. T...