Total
3851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8007 | 2024-11-08 | N/A | 9.8 CRITICAL | ||
| The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip. | |||||
| CVE-2024-10966 | 2024-11-08 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48954 | 2024-11-08 | N/A | 6.4 MEDIUM | ||
| An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. | |||||
| CVE-2023-29120 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 8.8 HIGH |
| Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system. | |||||
| CVE-2024-51661 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-08 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19. | |||||
| CVE-2024-51023 | 2024-11-05 | N/A | 8.8 HIGH | ||
| D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-51252 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 9.8 CRITICAL |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. | |||||
| CVE-2024-51024 | 2024-11-05 | N/A | 8.0 HIGH | ||
| D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-51248 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. | |||||
| CVE-2024-51247 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. | |||||
| CVE-2024-51245 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
| In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. | |||||
| CVE-2024-51244 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. | |||||
| CVE-2024-52019 | 2024-11-05 | N/A | 8.0 HIGH | ||
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-52018 | 2024-11-05 | N/A | 8.0 HIGH | ||
| Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-50993 | 2024-11-05 | N/A | 8.0 HIGH | ||
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-52021 | 2024-11-05 | N/A | 8.0 HIGH | ||
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-52020 | 2024-11-05 | N/A | 8.0 HIGH | ||
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-51021 | 2024-11-05 | N/A | 8.0 HIGH | ||
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-51010 | 2024-11-05 | N/A | 8.0 HIGH | ||
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-51009 | 2024-11-05 | N/A | 8.0 HIGH | ||
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||