CVE-2021-20142

An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controllerserver service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet t...

CVE-2021-20138

An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to th...

CVE-2019-6288

Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCUSHELL URI...

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

NetAlertX 安全漏洞

NetAlertX is a network intruder and presence detector from the jokob-sk individual developer. A security vulnerability exists in NetAlertX versions prior to 23.01.14 through 24.10.12, which stems from unauthenticated command injection and could lead to arbitrary command execution...

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

PT-2025-31839

Name of the Vulnerable Software and Affected Versions: Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 Description: An unauthenticated OS command injection vulnerability exists in the device. When configuring the device in Extender mode via its captive portal, the extap2g SSID field is...

MySCADA MyPRO Manager 1.2 Command Injection

MySCADA MyPRO Manager versions 1.2 and below suffer from an unauthenticated command injection vulnerability. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of the myscada9 administrative user that is...

ABB Cylon Aspect 4.00.00 factorySetSerialNum.php Remote Code Execution Vulnerability

ABB Cylon Aspect version 4.00.00 suffers from an unauthenticated blind command injection vulnerability. Input passed to the serial and ManufactureDate POST parameters is not properly sanitized, allowing attackers to execute arbitrary shell commands on the system. While factory test scripts includ...

CVE-2024-12356

A critical vulnerability has been discovered in Privileged Remote Access PRA and Remote Support RS products which can allow an unauthenticated attacker to inject commands that are run as a site user...

PT-2024-7780

Name of the Vulnerable Software and Affected Versions Junos Space version 24.1R1 Description A Command Injection issue in Juniper Networks Junos Space allows an unauthenticated, network-based attacker to execute arbitrary shell commands on the Junos Space Appliance by sending a specially crafted...

CVE-2024-5035

The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated...

CVE-2024-5035 TP-Link Archer C5400X - RFTest Unauthenticated Command Injection

The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated...

TP-LINK Archer C4500X 安全漏洞

The TP-LINK Archer C4500X is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK Archer C4500X that stems from the rftest web service being vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890, which can be exploited by a...

Aruba Networks ArubaOS 和 InstantOS 安全漏洞

Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc.Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...

Kemp LoadMaster Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kemp LoadMaster Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...

Kemp LoadMaster Unauthenticated Command Injection

This module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after vversion 7.2.48.1. The following versions are patched: 7.2.59.2 GA, 7.2.54.8 LTSF and 7.2.48.10 LTS. Module Options msf use...

PT-2024-2561 · Vmware · Vmware Sd-Wan Edge

Name of the Vulnerable Software and Affected Versions: VMware SD-WAN Edge affected versions not specified Description: The issue is related to an unauthenticated command injection vulnerability in the VMware SD-WAN Edge, potentially leading to remote code execution. A malicious actor with local...

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage NAS devices, and QuTS hero is a core part of the firmware for numero...

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage NAS devices, and QuTS hero is a core part of the firmware for numero...