Total
1813 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24146 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. | |||||
CVE-2023-24145 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. | |||||
CVE-2023-24144 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. | |||||
CVE-2023-24143 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | |||||
CVE-2023-24142 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. | |||||
CVE-2023-24141 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | |||||
CVE-2023-24140 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. | |||||
CVE-2023-24139 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. | |||||
CVE-2023-24138 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. | |||||
CVE-2023-24135 | 1 Jensenofscandinavia | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2024-11-21 | N/A | 7.8 HIGH |
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter. | |||||
CVE-2023-24046 | | | 2024-11-21 | N/A | 6.8 MEDIUM |
An issue discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. | |||||
CVE-2023-24032 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 7.8 HIGH |
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of the JVM arguments, leading to local privilege escalation (LPE). | |||||
CVE-2023-23952 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-11-21 | N/A | 9.8 CRITICAL |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | |||||
CVE-2023-23564 | 1 Geomatika | 1 Isigeo Web | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands. | |||||
CVE-2023-23355 | 1 Qnap | 18 Qts, Quts Hero, Qutscloud and 15 more | 2024-11-21 | N/A | 6.6 MEDIUM |
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2348 build 20230324 and later; QuTS hero h4.5.4.2374 build 20230417 and later; QuTScloud c5.0.1.2374 and later. | |||||
CVE-2023-23333 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php. | |||||
CVE-2023-23295 | 1 Korenix | 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more | 2024-11-21 | N/A | 8.8 HIGH |
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker can modify the sysCmd parameter in order to execute commands as root. | |||||
CVE-2023-23294 | 1 Korenix | 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more | 2024-11-21 | N/A | 8.8 HIGH |
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root. | |||||
CVE-2023-23149 | 1 Dek-1705 Project | 2 Dek-1705, Dek-1705 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
DEK-1705 devices with firmware <=34.23.1 were discovered to have a command execution vulnerability. | |||||
CVE-2023-23080 | 1 Tenda | 10 Cp3, Cp3 Firmware, Cp7 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 <=V11.10.00.2211041403, Tenda CP3 v.10 <=V20220906024_2025, Tenda IT7-PCS <=V2209020914, Tenda IT7-LCS <=V2209020914, and Tenda IT7-PRS <=V2209020908. |