1224 matches found
CVE-2018-13023
System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...
CVE-2018-14893
CVE-2018-14893 concerns ZyXEL NSA325 V2 (firmware version 4.81) with a command injection vulnerability in the zyshclient component. The flaw permits an attacker to execute system commands via the web application API. Multiple sources (NVD, CVE records, CNVD) describe the same issue, identifying z...
CVE-2018-13316
CVE-2018-13316 describes a System command injection in the TOTOLINK A3002RU router (version 1.0.8) via the formAliasIp function, where an attacker can trigger command execution through the POST parameter subnet. The connected CNVD/CVE sources corroborate the model: TOTOLINK A3002RU is affected by...
CVE-2018-13314
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...
CVE-2018-13023
System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...
CVE-2018-16130
System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...
CVE-2018-13314
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...
Command injection
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...
CVE-2018-16130
System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...
Command injection
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...
CVE-2018-13316
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...
CVE-2018-13318
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...
CVE-2018-13318
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...
CVE-2018-13311
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...
CVE-2018-13311
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...
CVE-2018-13320
System Command Injection in network.setauthsettings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters...
CVE-2018-13311
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...
CVE-2018-13311
CVE-2018-13311 affects TOTOLINK A3002RU (firmware v1.0.8) in the formDlna component. An attacker can inject system commands via the sambaUser POST parameter, enabling remote code execution. Public references from NVD/CNVD describe a system command injection vulnerability with high severities (CVS...