
3865 matches found

OSV
added 2024/03/20 5:15 p.m. · 3 views

CVE-2024-2707

A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has...

8.8 CVSS · 5.7 AI score · 0.046 EPSS
Exploits 1 · References 3
CVE
added 2024/03/19 9:31 p.m. · 65 views

CVE-2024-2642

CVE-2024-2642 concerns Ruijie RG-NBS2009G-P devices (up to 20240305). Affected component: the /EXCU_SHELL file, where improper handling of the Command1 argument enables remote command injection. Sources across multiple documents confirm this vulnerability and indicate that the exploit has been pu...

7.5 CVSS · 7.6 AI score · 0.02772 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/03/18 12:00 a.m. · 6 views

PT-2024-2496 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: A critical issue is present in the Tenda AC7 router's software, related to the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the mac argument leads to os command...

9 CVSS · 7.3 AI score · 0.07893 EPSS
Exploits 2 · References 7
Positive Technologies
added 2024/03/16 12:00 a.m. · 6 views

PT-2024-2394 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10U versions 15.03.06.48 through 15.03.06.49 Description: A critical issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may b...

10 CVSS · 7.1 AI score · 0.04009 EPSS
Exploits 1 · References 7
OSV
added 2024/03/12 9:15 a.m. · 4 views

CVE-2024-25998

An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation...

7.3 CVSS · 5.8 AI score · 0.0147 EPSS
Exploits 0 · References 1
CVE
added 2024/03/10 1:31 a.m. · 120 views

CVE-2024-2352

1Panel up to 1.10.1-lts is affected by CVE-2024-2352 via command injection in the function baseApi.UpdateDeviceSwap (file /api/v1/toolbox/device/update/swap). The issue arises from untrusted input in the Path argument (example: 123123123\nopen -a Calculator), which can be exploited remotely. Publ...

9.8 CVSS · 6.8 AI score · 0.03044 EPSS
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2024/03/09 12:00 a.m. · 4 views

PT-2024-2010 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: Totolink X6000R version 9.4.0cu.852 20230719 Description: A critical issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The...

10 CVSS · 9.2 AI score · 0.03952 EPSS
Exploits 2 · References 13
GithubExploit
added 2024/02/27 3:31 a.m. · 398 views

Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware

CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...

10 CVSS · 9.6 AI score · 0.99938 EPSS
Exploits 25
Positive Technologies
added 2024/02/21 12:00 a.m. · 3 views

PT-2024-9318 · NetGear · Netgear R7000

Name of the Vulnerable Software and Affected Versions: Netgear R7000 version 1.0.11.136 Description: The issue is related to a Command Injection vulnerability in the RMT invite.cgi script, specifically via the device name2 parameter. This vulnerability can be exploited by a remote attacker to...

8.4 CVSS · 8 AI score · 0.09053 EPSS
Exploits 0 · References 8
OSV
added 2024/02/15 1:15 p.m. · 3 views

CVE-2023-32462

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system...

9.8 CVSS · 6 AI score · 0.01775 EPSS
Exploits 0 · References 1
CVE
added 2024/02/14 4:30 p.m. · 77 views

CVE-2024-22093

The CVE-2024-22093 issue affects BIG-IP in Appliance mode where an authenticated attacker can exploit an undisclosed iControl REST endpoint to perform remote command injection and cross the security boundary. Affected versions include BIG-IP Next/BIG-IP (all modules) on 17.x with fixes in 17.1.1,...

8.7 CVSS · 8.6 AI score · 0.00835 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/02/14 12:00 a.m. · 4 views

F5 BIG-IP Security Vulnerabilities

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in the F5 BIG-IP that stems from a remote command injection vulnerability in the iControl REST endpoint on a...

8.7 CVSS · 7.3 AI score · 0.00835 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/02/14 12:00 a.m. · 5 views

PT-2024-19202 · Icontrol · Icontrol

The issue is related to an authenticated remote command injection in an undisclosed iControl REST endpoint on multi-bladed systems when running in appliance mode. A successful exploit can allow the attacker to cross a security boundary. The affected software is iControl, but the specific versions...

9.6 CVSS · 6.9 AI score · 0.00835 EPSS
Exploits 0 · References 8
VulnCheck KEV
added 2024/02/07 12:00 a.m. · 5 views

VulnCheck KEV: CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

10 CVSS · 7.3 AI score · 0.95097 EPSS
Exploits 4 · References 1
OSV
added 2024/02/06 1:15 a.m. · 3 views

CVE-2023-46359

An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier may allow an unauthenticated remote attacker to execute arbitrary commands on the system via specifically crafted arguments passed to the connectivity check feature...

9.8 CVSS · 6.2 AI score · 0.80888 EPSS
Exploits 2 · References 2
OSV
added 2024/01/31 8:15 p.m. · 3 views

CVE-2024-1115

A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit h...

9.8 CVSS · 5.5 AI score · 0.0187 EPSS
Exploits 0 · References 3
CNNVD
added 2024/01/29 12:00 a.m. · 4 views

Buffalo LS210D Security Vulnerability

Buffalo LS210D is a hard disk drive from Buffalo Japan. A security vulnerability exists in the Buffalo LS210D version 1.78-0.03. A remote attacker can exploit this vulnerability to inject arbitrary commands into the NAS as root...

7.2 CVSS · 7.1 AI score · 0.01769 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/01/28 12:00 a.m. · 8 views

PT-2024-15962 · Unknown · Asterisk-Cli +1

Name of the Vulnerable Software and Affected Versions: Issabel PBX version 4.0.0 Description: A critical issue affects the processing of the file /index.php?menu=asterisk cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be...

9.8 CVSS · 7.7 AI score · 0.58423 EPSS
Exploits 2 · References 11
OSV
added 2024/01/26 9:15 a.m. · 1 view

CVE-2024-0919

A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function dosetNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely...

7.2 CVSS · 5.6 AI score · 0.22549 EPSS
Exploits 1 · References 3
OSV
added 2024/01/26 9:15 a.m. · 3 views

CVE-2024-0918

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...

7.2 CVSS · 5.6 AI score · 0.25438 EPSS
Exploits 1 · References 3