Total
3666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21108 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-02-28 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2020-3275 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
| CVE-2020-6651 | 1 Eaton | 1 Intelligent Power Manager | 2024-02-28 | 6.0 MEDIUM | 7.3 HIGH |
| Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. | |||||
| CVE-2018-21126 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
| CVE-2020-3277 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
| CVE-2020-7636 | 1 Adb-driver Project | 1 Adb-driver | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function. | |||||
| CVE-2020-5561 | 1 Keijiban Tsumiki Project | 1 Keijiban Tsumiki | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-21162 | 1 Netgear | 32 D6400, D6400 Firmware, Ex6200 and 29 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48. | |||||
| CVE-2020-7632 | 1 Node-mpv Project | 1 Node-mpv | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-14950 | 1 Aapanel | 1 Aapanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store. | |||||
| CVE-2020-7350 | 1 Rapid7 | 1 Metasploit | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command. | |||||
| CVE-2020-7640 | 1 Pixlcore | 1 Pixl-class | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization. | |||||
| CVE-2020-3454 | 1 Cisco | 83 Mds 9000, Mds 9100, Mds 9134 and 80 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying OS. | |||||
| CVE-2018-21101 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-02-28 | 5.2 MEDIUM | 8.0 HIGH |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2020-10987 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. | |||||
| CVE-2020-7627 | 1 Node-key-sender Project | 1 Node-key-sender | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function. | |||||
| CVE-2020-9436 | 1 Phoenixcontact | 12 Tc Cloud Client 1002-4g, Tc Cloud Client 1002-4g Firmware, Tc Cloud Client 1002-txtx and 9 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL. | |||||
| CVE-2020-3224 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The vulnerability is due to insufficient input validation of specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands to the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition. | |||||
| CVE-2020-5760 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. | |||||
| CVE-2020-8233 | 2 Opensuse, Ui | 14 Backports Sle, Leap, Edgeswitch Firmware and 11 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. | |||||