1224 matches found
CVE-2018-13338
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation...
CVE-2018-13306
CVE-2018-13306 corresponds to a command injection vulnerability in TOTOLINK A3002RU (firmware version 1.0.8) exploitable via the ftpUser POST parameter in the formDlna component. Multiple sources (NVD, CVE List, CNVD) confirm that an attacker can cause system command execution, with the NVD CVSS ...
CVE-2018-13023
The connected CNVD entry confirms a concrete vulnerability in Xiaomi Mi Router 3, affecting version 2.22.15, via the wifi_access endpoint. The root cause is a system command injection exploitable through the timeout URL parameter, enabling an attacker to execute arbitrary commands. CVSS info from...
CVE-2018-13330
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter...
CVE-2018-13418
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter...
CVE-2018-13330
TerraMaster TOS 3.1.03 is affected by a system command injection in ajaxdata.php during group creation via the groupname parameter. The vulnerability allows an attacker to execute system commands on the device. Connected advisories (CNVD-2019-00661, NVD CVE-2018-13330, PRION-CVE-2018-13330, OpenV...
CVE-2018-16130
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...
CVE-2018-13316
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...
CVE-2018-13353
TerraMaster TOS 3.1.03 contains a command injection vulnerability in ajaxdata.php via the checkport parameter. The issue allows an attacker to execute arbitrary commands, as indicated by CVE-2018-13353 with high severity (CVSS v3.0 base 8.8). The connected documents confirm the affected endpoint ...
CVE-2018-13336
CVE-2018-13336: TerraMaster TOS 3.1.03 contains a system command injection in the Ajax request path ajaxdata.php used during user creation. The vulnerability is exploitable via the pwd parameter, enabling an attacker to execute arbitrary system commands. According to NVD metrics, the issue has a...
CVE-2018-13338
TerraMaster TOS 3.1.03 is affected by a remote command injection in ajaxdata.php during user creation. The vulnerability enables an attacker to execute arbitrary system commands by manipulating the username parameter. This is documented in CVE-2018-13338 and reiterated in multiple checks (NVD ent...
CVE-2018-13306
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter...
CVE-2018-13354
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter...
CVE-2018-13358
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter...
CVE-2018-16130
Affected product: Xiaomi Mi Router 3, firmware 2.22.15. Vulnerability: system command injection in the /request_mitv endpoint via the payload URL parameter, allowing an attacker to execute arbitrary commands. Root cause: unsanitized “payload” parameter leading to command execution. Impact: high (...
CVE-2018-13307
TOTOLINK A3002RU (firmware 1.0.8) suffers a system command injection in the fromNtp handler, exploitable via the ntpServerIp2 POST parameter. The vulnerability allows an attacker to execute system commands, with the potential to render the device permanently inoperable. The provided documents do ...
CVE-2018-13353
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter...
CVE-2018-13314
The connected documents identify a concrete vulnerability: TOTOLINK A3002RU (firmware version 1.0.8) is affected by a system command injection in the formAliasIp function, exploitable via the ipAddr POST parameter. This allows an attacker to execute system commands on the device. The CNVD-2018-26...
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...
CVE-2018-13354
TerraMaster TOS 3.1.03 is affected by a system command injection in logtable.php exposed via the Event parameter, enabling an attacker to execute arbitrary commands. Multiple sources (NVD, CNVD, OpenVAS, PRION, CVELIST) corroborate that the flaw is reachable remotely (network) with high/critical ...