The vulnerability of the QuRouter operating system for QNAP network devices lies in the lack of measures taken to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.
The vulnerability of the QuRouter operating system for QNAP network devices is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the formWriteFacMac() function (/goform/WriteFacMac) in the Tenda AC6 router software allows a hacker to execute arbitrary commands.
The vulnerability of the formWriteFacMac function /goform/WriteFacMac of the Tenda AC6 router software lies in the lack of data cleaning at the control level when processing the mac parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
The vulnerability of the industrial process visualization and control system mySCADA myPRO Runtime and the mySCADA myPRO Manager lies in the failure to take measures to neutralize special elements used in the operating system’s commands, allowing attackers to execute arbitrary operating system commands.
The vulnerability of the industrial process visualization and control systems mySCADA myPRO and mySCADA myPRO Manager lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
Malicious code in codeql-extractor-iac-action (npm)
Source: ghsa-malware a3f77f847f2c7d09571ef2516734c1d483d434e0980f32c21967900b8d28dd4c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for OS Command Injection in Zimbra Collaboration
CVE-2024-45519 is a high-risk vulnerability in...
D-LINK DI-8400 Remote Command Execution Vulnerability
The D-LINK DI-8400 is an American D-Link router device for home and small business network connectivity. Multiple remote command execution vulnerabilities exist in the mspinfohtm function in the D-LINK DI-8400 version v16.07.26A1 via the flag and cmd parameters. A remote attacker can exploit this...
The vulnerability in the ether.cgi script of NETGEAR R8500 router software allows a hacker to execute arbitrary commands.
The vulnerability of the ether.cgi script in NETGEAR R8500 router firmware relates to the failure to take measures to neutralize special elements used in the operating system’s processing of the wangateway parameter. Exploiting this vulnerability allows a remote attacker to execu...
The vulnerability in the operation_mode.cgi script of NETGEAR R7000P firmware allows a hacker to execute arbitrary commands.
The vulnerability in the operation_mode.cgi script of NETGEAR R7000P router firmware is related to a buffer overflow during the processing of the devicename2 parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the msp_info_htm function in D-Link DI-8400 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the msp_info_htm function in D-Link DI-8400 router firmware is related to the lack of measures taken to neutralize special elements used in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands when processing the flag a...
The vulnerability in the wiz_dyn.cgi script of NETGEAR XR300 firmware allows a hacker to execute arbitrary commands.
The vulnerability in the wiz_dyn.cgi script of NETGEAR XR300 router firmware relates to the failure to take measures to neutralize special elements used in operating system commands when processing the parameter systemname. Exploiting this vulnerability allows a malicious actor to...
CVE-2024-8525
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...
CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...
CVE-2024-8525
CVE-2024-8525 affects Automated Logic WebCTRL 7.0 (Premium Server). The issue is an unrestricted upload of a file with a dangerous type that an unauthenticated attacker can exploit via a crafted HTTP POST to achieve remote command execution and upload of a malicious file. Multiple connected sourc...
CVE-2024-51151
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the mspinfohtm function via the flag parameter and cmd parameter...
TOTOLINK EX200 Security Vulnerability
TOTOLINK EX200 is a 2.4G wireless N range extender from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK EX200 ssd parameter handling, which can be exploited by remote attackers to submit a special request that can be used to execute arbitrary commands in the...
PT-2024-39075 · Automated Logic · Automated Logic Webctrl
Name of the Vulnerable Software and Affected Versions: Automated Logic WebCTRL version 7.0 Description: The issue allows an unauthenticated user to perform remote command execution via a crafted HTTP POST request, which could lead to uploading a malicious file due to an unrestricted upload of fil...
D-Link DI-8200 Security Vulnerability
The D-Link DI-8200 is an enterprise router from China-based AUO D-Link. The D-Link DI-8200 suffers from a command injection vulnerability that stems from a remote command execution vulnerability in the flag parameter and cmd parameter of the mspinfohtm function. No details of the vulnerability ar...
CVE-2024-52739
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the mspinfohtm function via the flag and cmd parameters...
KASDA KW6512 Security Vulnerability
KASDA KW6512 is a wireless router from KASDA. A security vulnerability exists in the KASDA KW6512 version V1.0. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands via the quick setup and page parameters passed to internet.cgi...