Lucene search
K

1224 matches found

Cvelist
Cvelist
added 2018/11/27 9:0 p.m.12 views

CVE-2018-13023

System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...

9.1AI score0.23955EPSS
Exploits1References1
CVE
CVE
added 2018/11/27 9:0 p.m.52 views

CVE-2018-14893

CVE-2018-14893 concerns ZyXEL NSA325 V2 (firmware version 4.81) with a command injection vulnerability in the zyshclient component. The flaw permits an attacker to execute system commands via the web application API. Multiple sources (NVD, CVE records, CNVD) describe the same issue, identifying z...

9CVSS9AI score0.03443EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/27 9:0 p.m.44 views

CVE-2018-13316

CVE-2018-13316 describes a System command injection in the TOTOLINK A3002RU router (version 1.0.8) via the formAliasIp function, where an attacker can trigger command execution through the POST parameter subnet. The connected CNVD/CVE sources corroborate the model: TOTOLINK A3002RU is affected by...

10CVSS9.8AI score0.03195EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/11/27 8:29 p.m.3 views

CVE-2018-13314

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...

9.8CVSS5.9AI score0.03195EPSS
Exploits1References1
OSV
OSV
added 2018/11/27 8:29 p.m.1 views

CVE-2018-13023

System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...

8.8CVSS5.9AI score0.23955EPSS
Exploits1References1
NVD
NVD
added 2018/11/27 8:29 p.m.14 views

CVE-2018-14893

A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...

9CVSS9.1AI score0.03443EPSS
Exploits1References1
NVD
NVD
added 2018/11/27 8:29 p.m.13 views

CVE-2018-16130

System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...

9CVSS9.2AI score0.23955EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/11/27 8:29 p.m.2 views

CVE-2018-13314

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...

10CVSS5.8AI score0.03195EPSS
Exploits1References2
Prion
Prion
added 2018/11/27 8:29 p.m.16 views

Command injection

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...

10CVSS9.8AI score0.03195EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/11/27 8:29 p.m.3 views

CVE-2018-16130

System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...

8.8CVSS6AI score0.23955EPSS
Exploits1References1
Prion
Prion
added 2018/11/27 8:29 p.m.19 views

Command injection

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...

10CVSS9.8AI score0.03195EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/11/27 8:29 p.m.4 views

CVE-2018-14893

A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...

8.8CVSS5.9AI score0.03443EPSS
Exploits1References1
OSV
OSV
added 2018/11/27 8:29 p.m.3 views

CVE-2018-13316

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...

9.8CVSS5.9AI score0.03195EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/11/26 11:29 p.m.2 views

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...

7.2CVSS5.7AI score0.02776EPSS
Exploits1References2
OSV
OSV
added 2018/11/26 11:29 p.m.3 views

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...

7.2CVSS5.9AI score0.02776EPSS
Exploits1References1
OSV
OSV
added 2018/11/26 11:29 p.m.1 views

CVE-2018-13311

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...

9.8CVSS5.9AI score0.02495EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/11/26 11:29 p.m.2 views

CVE-2018-13311

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...

10CVSS5.8AI score0.02495EPSS
Exploits0References2
NVD
NVD
added 2018/11/26 11:29 p.m.17 views

CVE-2018-13320

System Command Injection in network.setauthsettings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters...

7.2CVSS7.4AI score0.02776EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/26 10:0 p.m.26 views

CVE-2018-13311

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...

9.9AI score0.02495EPSS
Exploits0References1
CVE
CVE
added 2018/11/26 10:0 p.m.44 views

CVE-2018-13311

CVE-2018-13311 affects TOTOLINK A3002RU (firmware v1.0.8) in the formDlna component. An attacker can inject system commands via the sambaUser POST parameter, enabling remote code execution. Public references from NVD/CNVD describe a system command injection vulnerability with high severities (CVS...

10CVSS9.8AI score0.02495EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder