Command Injection
Monthly
CVE-2025-23049 is an OS Command Injection vulnerability in Meridian Technique Materialise OrthoView through version 7.5.1 that allows unauthenticated remote attackers to execute arbitrary operating system commands when servlet sharing is enabled. The vulnerability has a CVSS score of 8.4 (High) and affects healthcare/dental imaging software used by medical professionals. Attackers can achieve high confidentiality impact and high availability impact, making this a significant threat to healthcare organizations relying on OrthoView for patient imaging workflows.
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-34030 is a critical OS command injection vulnerability in sar2html versions 3.2.2 and earlier that allows unauthenticated remote attackers to execute arbitrary shell commands through unsanitized input in the 'plot' parameter of index.php. The vulnerability has a perfect CVSS score of 10.0 and requires no authentication, user interaction, or special privileges to exploit. Active exploitation was observed by the Shadowserver Foundation as of February 4, 2025, indicating this is not a theoretical threat.
CVE-2025-34029 is an OS command injection vulnerability in Edimax EW-7438RPn Mini wireless router firmware version 1.13 and prior that allows authenticated remote attackers to execute arbitrary shell commands as root through the /goform/formSysCmd endpoint. The vulnerability has a CVSS score of 8.8 (High) and was observed being exploited in the wild by the Shadowserver Foundation on 2024-09-14 UTC, indicating active real-world attack activity against this widely-deployed consumer networking device.
CVE-2025-34024 is an OS command injection vulnerability in Edimax EW-7438RPn wireless range extender firmware versions 1.13 and prior, allowing authenticated attackers to execute arbitrary commands as root via the /goform/mp endpoint. The vulnerability results from improper input validation on the 'command' parameter in the mp.asp form handler, enabling shell metacharacter injection. Active exploitation was observed by the Shadowserver Foundation on 2024-09-14 UTC, indicating real-world threat activity against this device.
MiniDVBLinux version 5.4 and earlier contains an unauthenticated OS command injection in the web-based management interface. The DVB streaming platform fails to sanitize user input before passing it to operating system commands, enabling remote attackers to execute arbitrary commands on the media server.
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit.
A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Critical OS Command Injection vulnerability in WeGIA (a web management system for charitable institutions) versions prior to 3.4.2, affecting the /html/configuracao/debug_info.php endpoint. An unauthenticated attacker can inject arbitrary operating system commands via the unsanitized 'branch' parameter, achieving remote code execution (RCE) with www-data user privileges. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this represents an immediate and severe threat to all unpatched WeGIA deployments.
The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execute arbitrary commands on the system. Exploitation Status: Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.
(conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3.
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506. An authenticated attacker can remotely execute arbitrary operating system commands via the 'ipaddress' parameter in /billing/pms_check.php, achieving complete system compromise. Public exploit code exists, the vendor has not responded to early disclosure, and this vulnerability meets criteria for immediate exploitation in real-world environments.
A critical OS command injection vulnerability exists in Wifi-soft UniBox Controller versions up to 20250506 within the /billing/test_accesscodelogin.php file's Password parameter, allowing authenticated remote attackers to execute arbitrary system commands with high impact on confidentiality, integrity, and availability. Public exploit code has been disclosed and the vendor has not responded to early disclosure notifications, indicating active exploitation risk and lack of official patches.
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506, exploitable through the mac_address parameter in /authentication/logout.php. An authenticated attacker can remotely execute arbitrary OS commands with high impact on confidentiality, integrity, and availability. The vulnerability has been publicly disclosed with exploit code available, and the vendor has not responded to early disclosure attempts, significantly elevating real-world risk.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Multiple Blink router models (8 distinct firmware versions across product lines) contain unauthenticated command injection vulnerabilities in the DNS configuration function (bs_SetDNSInfo), allowing remote attackers to execute arbitrary system commands with no authentication required. The CVSS 9.8 rating reflects the critical nature: network-exploitable, no privilege escalation needed, and complete compromise of confidentiality, integrity, and availability. While no KEV or public POC is documented in standard vulnerability databases as of this analysis, the combination of network accessibility and lack of authentication requirements makes this a high-priority threat for all affected Blink router owners.
A critical unauthenticated remote command injection vulnerability exists in multiple Blink router models through the 'mac' parameter in the bs_SetMacBlack function, allowing attackers to execute arbitrary commands with full system privileges. Affected models include BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this vulnerability poses severe risk to any exposed router on the network.
Critical remote command injection vulnerability affecting multiple Blink router models through the bs_SetSSIDHide function, allowing unauthenticated attackers to execute arbitrary commands with full system compromise. The vulnerability impacts 8 distinct product lines across versions ranging from v1.0.0 to v4.0.0, with a CVSS score of 9.8 indicating severe severity due to network accessibility, low attack complexity, and no privilege requirements. This represents an actively exploitable flaw affecting home and small business network infrastructure with potential for widespread compromise.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit.
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.
Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.
Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments.
Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected.
CVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-based attacks to disclose sensitive information without user interaction. The vulnerability affects M365 Copilot deployments and allows attackers to inject malicious commands that bypass normal authorization controls. With a critical CVSS score of 9.3 and no authentication requirement, this poses an immediate risk to organizations using Copilot features; exploitation status and POC availability require confirmation through Microsoft security advisories.
Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.
FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact.
CVE-2025-4678 is an OS command injection vulnerability in Pandora ITSM 5.0.105 where the chromium_path variable fails to properly neutralize special elements, allowing authenticated attackers with high privileges to execute arbitrary system commands. With a CVSS score of 7.0 and network-accessible attack vector, this vulnerability poses a significant risk to affected deployments, particularly if the system is exposed to untrusted administrative users or if privilege escalation chains exist.
OS command injection vulnerability in the backup name field of Pandora ITSM 5.0.105 that results from improper neutralization of special elements (CWE-77). An authenticated attacker with high privileges can inject arbitrary OS commands through the backup name parameter, potentially achieving code execution with high confidentiality impact. The CVSS 7.0 score reflects the requirement for privileged access (PR:H), but the network-accessible attack vector (AV:N) and low attack complexity (AC:L) indicate this is a practical threat in enterprise environments where administrative accounts may be compromised or abused.
A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
CVE-2024-13089 is an OS command injection vulnerability in the update functionality of Nozomi Networks Guardian and CMC appliances that allows authenticated administrators to bypass signature validation and execute arbitrary OS commands. While the vulnerability requires high-privilege administrative access, the improper cryptographic signature validation on update packages creates a critical integrity bypass that could lead to complete system compromise. The attack is network-accessible with no user interaction required once an administrator initiates an update.
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.
A critical OS command injection vulnerability exists in Zend.To versions up to 6.10-6 Beta, where unsanitized user input in the 'file_1' parameter of NSSDropoff.php's exec function allows remote, unauthenticated attackers to execute arbitrary system commands with application-level privileges. The vulnerability has been publicly disclosed with working exploits available, making active exploitation probable, though it affects an older software version that has been superseded by newer releases with additional security controls.
HAX CMS PHP versions prior to 11.0.3 contain an OS command injection vulnerability in the `gitImportSite` functionality where insufficient input validation on user-supplied URL parameters allows authenticated attackers to bypass `filter_var` and `strpos` checks and execute arbitrary OS commands via the `set_remote` function's `proc_open` call. An authenticated attacker can leverage this to execute arbitrary commands and exfiltrate output, representing a critical post-authentication code execution risk with high real-world impact due to full OS command execution capability.
Command injection vulnerability in Quantenna Wi-Fi chipset control scripts (specifically the set_tx_pow utility) that allows local, unauthenticated attackers to execute arbitrary commands with elevated privileges. The vulnerability affects Quantenna Wi-Fi chipset SDK through version 8.0.0.28 and remains unpatched at the time of disclosure, though the vendor has issued a best practices guide. An attacker with local access can leverage CWE-88 (argument injection) to compromise system integrity and confidentiality.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
Post-authentication command injection vulnerability in the AT+MNPINGTM command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit this CWE-88 argument injection flaw to achieve privilege escalation, gaining high-confidentiality and high-integrity impact. The vulnerability remains generally unfixed at the time of CVE publication, indicating active exposure in deployed systems.
Post-authentication command injection vulnerability in the AT+MNNETSP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local users to achieve privilege escalation through improper argument delimiter neutralization. With a CVSS 7.1 score, high confidentiality and integrity impact, and no widespread patch availability at disclosure, this vulnerability poses a moderate-to-significant risk to organizations deploying these industrial LTE modems. The post-authentication requirement limits immediate exposure but represents a critical internal threat vector for privilege escalation once system access is obtained.
Post-authentication command injection vulnerability in the AT+MMNAME command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to escalate privileges through argument delimiter manipulation (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability represents a moderate-to-high risk for organizations deploying these industrial/embedded LTE communication devices. The post-authentication requirement and local attack vector limit exposure, but privilege escalation impact is significant.
Post-authentication command injection vulnerability in the AT+MFRULE command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability presents a moderate-to-high risk for systems where local authentication access can be obtained. The vulnerability has not been reported as actively exploited in public KEV catalogs, but the lack of available patches and the privilege escalation potential warrant immediate assessment and mitigation planning.
Post-authentication command injection vulnerability in the AT+MFPORTFWD command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, potentially gaining unauthorized access to system resources. As of the CVE publication date, no general fix has been released, and the vulnerability carries a CVSS score of 7.1 with high confidentiality and integrity impact.
Post-authentication command injection vulnerability in the AT+MFMAC command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, gaining high-confidence access to sensitive system functions and data. As of the CVE publication date, no general fix has been released, and the vulnerability remains unpatched across affected product lines.
Post-authentication command injection vulnerability in the AT+MFIP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, enabling authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS 7.1 score and no indication of general fixes at publication, this vulnerability presents a moderate-to-high risk for systems using affected modem/gateway products; exploitation requires local access and valid credentials but no user interaction.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script, specifically in the sync_time argument handler, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset SDK versions through 8.0.0.28 and remains unpatched as of the CVE publication date, though the vendor has released implementation best practices rather than a direct patch. The CVSS 7.7 score reflects the local attack vector but high-impact consequences; exploitation requires local access but no privileges or user interaction.
Command injection vulnerability in Quantenna Wi-Fi chipset control scripts (router_command.sh) that allows local, unauthenticated attackers to execute arbitrary commands with high impact to confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the SDK and remains unpatched at disclosure, though the vendor has issued a best practices guide rather than a direct security patch. With a CVSS score of 7.7 and local attack vector requirements, this represents a significant risk to deployed routers and wireless access points using this chipset.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script affecting versions through 8.0.0.28 of the SDK. The flaw allows unauthenticated local attackers to inject arbitrary commands via improper argument handling in the put_file_to_qtn parameter, potentially leading to confidentiality and integrity compromise. No official patch is available as of the CVE publication date, though the vendor has released mitigation guidance; this vulnerability is not currently tracked as actively exploited in CISA's Known Exploited Vulnerabilities catalog.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh local control script, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset versions through 8.0.0.28 of the latest SDK and remains unpatched as of the CVE publication date, though the vendor has provided best practices guidance rather than a direct patch. With a CVSS score of 7.7 and local attack vector requirements, this poses significant risk to routers and access points using affected Quantenna chipsets, particularly in multi-user or compromised-local-network scenarios.
A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remote attackers to execute arbitrary commands with high severity (CVSS 8.8). The vulnerability requires valid user credentials but no user interaction, making it exploitable by compromised accounts or insider threats. QNAP has released patches as of March 21, 2025, and exploitation details are limited in public disclosures at this time.
A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later
A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 will fix this issue. It is suggested to upgrade the affected component. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
A command injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
A critical remote code execution vulnerability exists in D-Link DIR-816 firmware version 1.10CNB05, allowing unauthenticated attackers to execute arbitrary OS commands via the /goform/setipsec_config endpoint by manipulating localIP or remoteIP parameters. The vulnerability has a publicly disclosed proof-of-concept exploit and affects end-of-life hardware no longer receiving security updates from D-Link, creating significant risk for deployed instances.
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack can be launched remotely.
A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized command execution path during specific GPU command sequences. KEV-listed alongside CVE-2025-21480, this indicates a systemic issue in Qualcomm's GPU micronode command validation that is being actively exploited in mobile attack chains.
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized command execution during specific GPU command sequences. KEV-listed, this vulnerability enables privilege escalation from the GPU context, potentially allowing app-level attackers to gain kernel access through the GPU driver on Qualcomm-based Android devices.
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
Command Injection Rce (3Rd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection Rce (2Nd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.
Command injection remote code execution vulnerability in HPE StoreOnce Software that allows authenticated attackers with high privileges to execute arbitrary commands on affected systems. The vulnerability has a CVSS score of 7.2 (high severity) and requires authenticated access but no user interaction. Given the command injection nature (CWE-77) and network attack vector, this poses significant risk to organizations running vulnerable HPE StoreOnce deployments, particularly if KEV status or active exploitation is confirmed.
Command Injection Rce in HPE StoreOnce backup storage software. One of 6 critical CVEs.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Critical vulnerability in Diviotec professional series devices that combines arbitrary command injection via a web interface endpoint with hardcoded credentials, allowing authenticated attackers to execute arbitrary commands with high impact on confidentiality, integrity, and availability. The CVSS 8.6 score reflects the severity of command injection paired with hardcoded passwords that eliminate authentication barriers. This vulnerability affects network-accessible professional series devices and represents an immediate risk in environments where these devices are deployed, particularly where adjacent network access is possible.
Critical remote code execution vulnerability affecting Netcom NTC 6200 and NWL 222 series network devices. The vulnerability stems from multiple command injection flaws in the web interface combined with hardcoded credentials, allowing authenticated remote attackers to execute arbitrary commands with elevated privileges. With a CVSS score of 8.6 and an attack vector requiring only adjacent network access and low privileges, this vulnerability poses significant risk to organizations deploying these devices in networked environments.
GetSimple CMS is a content management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An OS Command Injection issue exists in wivia 5 all versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CVE-2025-23049 is an OS Command Injection vulnerability in Meridian Technique Materialise OrthoView through version 7.5.1 that allows unauthenticated remote attackers to execute arbitrary operating system commands when servlet sharing is enabled. The vulnerability has a CVSS score of 8.4 (High) and affects healthcare/dental imaging software used by medical professionals. Attackers can achieve high confidentiality impact and high availability impact, making this a significant threat to healthcare organizations relying on OrthoView for patient imaging workflows.
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-34030 is a critical OS command injection vulnerability in sar2html versions 3.2.2 and earlier that allows unauthenticated remote attackers to execute arbitrary shell commands through unsanitized input in the 'plot' parameter of index.php. The vulnerability has a perfect CVSS score of 10.0 and requires no authentication, user interaction, or special privileges to exploit. Active exploitation was observed by the Shadowserver Foundation as of February 4, 2025, indicating this is not a theoretical threat.
CVE-2025-34029 is an OS command injection vulnerability in Edimax EW-7438RPn Mini wireless router firmware version 1.13 and prior that allows authenticated remote attackers to execute arbitrary shell commands as root through the /goform/formSysCmd endpoint. The vulnerability has a CVSS score of 8.8 (High) and was observed being exploited in the wild by the Shadowserver Foundation on 2024-09-14 UTC, indicating active real-world attack activity against this widely-deployed consumer networking device.
CVE-2025-34024 is an OS command injection vulnerability in Edimax EW-7438RPn wireless range extender firmware versions 1.13 and prior, allowing authenticated attackers to execute arbitrary commands as root via the /goform/mp endpoint. The vulnerability results from improper input validation on the 'command' parameter in the mp.asp form handler, enabling shell metacharacter injection. Active exploitation was observed by the Shadowserver Foundation on 2024-09-14 UTC, indicating real-world threat activity against this device.
MiniDVBLinux version 5.4 and earlier contains an unauthenticated OS command injection in the web-based management interface. The DVB streaming platform fails to sanitize user input before passing it to operating system commands, enabling remote attackers to execute arbitrary commands on the media server.
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit.
A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Critical OS Command Injection vulnerability in WeGIA (a web management system for charitable institutions) versions prior to 3.4.2, affecting the /html/configuracao/debug_info.php endpoint. An unauthenticated attacker can inject arbitrary operating system commands via the unsanitized 'branch' parameter, achieving remote code execution (RCE) with www-data user privileges. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this represents an immediate and severe threat to all unpatched WeGIA deployments.
The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execute arbitrary commands on the system. Exploitation Status: Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.
(conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3.
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506. An authenticated attacker can remotely execute arbitrary operating system commands via the 'ipaddress' parameter in /billing/pms_check.php, achieving complete system compromise. Public exploit code exists, the vendor has not responded to early disclosure, and this vulnerability meets criteria for immediate exploitation in real-world environments.
A critical OS command injection vulnerability exists in Wifi-soft UniBox Controller versions up to 20250506 within the /billing/test_accesscodelogin.php file's Password parameter, allowing authenticated remote attackers to execute arbitrary system commands with high impact on confidentiality, integrity, and availability. Public exploit code has been disclosed and the vendor has not responded to early disclosure notifications, indicating active exploitation risk and lack of official patches.
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506, exploitable through the mac_address parameter in /authentication/logout.php. An authenticated attacker can remotely execute arbitrary OS commands with high impact on confidentiality, integrity, and availability. The vulnerability has been publicly disclosed with exploit code available, and the vendor has not responded to early disclosure attempts, significantly elevating real-world risk.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Multiple Blink router models (8 distinct firmware versions across product lines) contain unauthenticated command injection vulnerabilities in the DNS configuration function (bs_SetDNSInfo), allowing remote attackers to execute arbitrary system commands with no authentication required. The CVSS 9.8 rating reflects the critical nature: network-exploitable, no privilege escalation needed, and complete compromise of confidentiality, integrity, and availability. While no KEV or public POC is documented in standard vulnerability databases as of this analysis, the combination of network accessibility and lack of authentication requirements makes this a high-priority threat for all affected Blink router owners.
A critical unauthenticated remote command injection vulnerability exists in multiple Blink router models through the 'mac' parameter in the bs_SetMacBlack function, allowing attackers to execute arbitrary commands with full system privileges. Affected models include BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this vulnerability poses severe risk to any exposed router on the network.
Critical remote command injection vulnerability affecting multiple Blink router models through the bs_SetSSIDHide function, allowing unauthenticated attackers to execute arbitrary commands with full system compromise. The vulnerability impacts 8 distinct product lines across versions ranging from v1.0.0 to v4.0.0, with a CVSS score of 9.8 indicating severe severity due to network accessibility, low attack complexity, and no privilege requirements. This represents an actively exploitable flaw affecting home and small business network infrastructure with potential for widespread compromise.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit.
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.
Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.
Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments.
Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected.
CVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-based attacks to disclose sensitive information without user interaction. The vulnerability affects M365 Copilot deployments and allows attackers to inject malicious commands that bypass normal authorization controls. With a critical CVSS score of 9.3 and no authentication requirement, this poses an immediate risk to organizations using Copilot features; exploitation status and POC availability require confirmation through Microsoft security advisories.
Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.
FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact.
CVE-2025-4678 is an OS command injection vulnerability in Pandora ITSM 5.0.105 where the chromium_path variable fails to properly neutralize special elements, allowing authenticated attackers with high privileges to execute arbitrary system commands. With a CVSS score of 7.0 and network-accessible attack vector, this vulnerability poses a significant risk to affected deployments, particularly if the system is exposed to untrusted administrative users or if privilege escalation chains exist.
OS command injection vulnerability in the backup name field of Pandora ITSM 5.0.105 that results from improper neutralization of special elements (CWE-77). An authenticated attacker with high privileges can inject arbitrary OS commands through the backup name parameter, potentially achieving code execution with high confidentiality impact. The CVSS 7.0 score reflects the requirement for privileged access (PR:H), but the network-accessible attack vector (AV:N) and low attack complexity (AC:L) indicate this is a practical threat in enterprise environments where administrative accounts may be compromised or abused.
A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
CVE-2024-13089 is an OS command injection vulnerability in the update functionality of Nozomi Networks Guardian and CMC appliances that allows authenticated administrators to bypass signature validation and execute arbitrary OS commands. While the vulnerability requires high-privilege administrative access, the improper cryptographic signature validation on update packages creates a critical integrity bypass that could lead to complete system compromise. The attack is network-accessible with no user interaction required once an administrator initiates an update.
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.
A critical OS command injection vulnerability exists in Zend.To versions up to 6.10-6 Beta, where unsanitized user input in the 'file_1' parameter of NSSDropoff.php's exec function allows remote, unauthenticated attackers to execute arbitrary system commands with application-level privileges. The vulnerability has been publicly disclosed with working exploits available, making active exploitation probable, though it affects an older software version that has been superseded by newer releases with additional security controls.
HAX CMS PHP versions prior to 11.0.3 contain an OS command injection vulnerability in the `gitImportSite` functionality where insufficient input validation on user-supplied URL parameters allows authenticated attackers to bypass `filter_var` and `strpos` checks and execute arbitrary OS commands via the `set_remote` function's `proc_open` call. An authenticated attacker can leverage this to execute arbitrary commands and exfiltrate output, representing a critical post-authentication code execution risk with high real-world impact due to full OS command execution capability.
Command injection vulnerability in Quantenna Wi-Fi chipset control scripts (specifically the set_tx_pow utility) that allows local, unauthenticated attackers to execute arbitrary commands with elevated privileges. The vulnerability affects Quantenna Wi-Fi chipset SDK through version 8.0.0.28 and remains unpatched at the time of disclosure, though the vendor has issued a best practices guide. An attacker with local access can leverage CWE-88 (argument injection) to compromise system integrity and confidentiality.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
Post-authentication command injection vulnerability in the AT+MNPINGTM command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit this CWE-88 argument injection flaw to achieve privilege escalation, gaining high-confidentiality and high-integrity impact. The vulnerability remains generally unfixed at the time of CVE publication, indicating active exposure in deployed systems.
Post-authentication command injection vulnerability in the AT+MNNETSP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local users to achieve privilege escalation through improper argument delimiter neutralization. With a CVSS 7.1 score, high confidentiality and integrity impact, and no widespread patch availability at disclosure, this vulnerability poses a moderate-to-significant risk to organizations deploying these industrial LTE modems. The post-authentication requirement limits immediate exposure but represents a critical internal threat vector for privilege escalation once system access is obtained.
Post-authentication command injection vulnerability in the AT+MMNAME command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to escalate privileges through argument delimiter manipulation (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability represents a moderate-to-high risk for organizations deploying these industrial/embedded LTE communication devices. The post-authentication requirement and local attack vector limit exposure, but privilege escalation impact is significant.
Post-authentication command injection vulnerability in the AT+MFRULE command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability presents a moderate-to-high risk for systems where local authentication access can be obtained. The vulnerability has not been reported as actively exploited in public KEV catalogs, but the lack of available patches and the privilege escalation potential warrant immediate assessment and mitigation planning.
Post-authentication command injection vulnerability in the AT+MFPORTFWD command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, potentially gaining unauthorized access to system resources. As of the CVE publication date, no general fix has been released, and the vulnerability carries a CVSS score of 7.1 with high confidentiality and integrity impact.
Post-authentication command injection vulnerability in the AT+MFMAC command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, gaining high-confidence access to sensitive system functions and data. As of the CVE publication date, no general fix has been released, and the vulnerability remains unpatched across affected product lines.
Post-authentication command injection vulnerability in the AT+MFIP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, enabling authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS 7.1 score and no indication of general fixes at publication, this vulnerability presents a moderate-to-high risk for systems using affected modem/gateway products; exploitation requires local access and valid credentials but no user interaction.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script, specifically in the sync_time argument handler, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset SDK versions through 8.0.0.28 and remains unpatched as of the CVE publication date, though the vendor has released implementation best practices rather than a direct patch. The CVSS 7.7 score reflects the local attack vector but high-impact consequences; exploitation requires local access but no privileges or user interaction.
Command injection vulnerability in Quantenna Wi-Fi chipset control scripts (router_command.sh) that allows local, unauthenticated attackers to execute arbitrary commands with high impact to confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the SDK and remains unpatched at disclosure, though the vendor has issued a best practices guide rather than a direct security patch. With a CVSS score of 7.7 and local attack vector requirements, this represents a significant risk to deployed routers and wireless access points using this chipset.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script affecting versions through 8.0.0.28 of the SDK. The flaw allows unauthenticated local attackers to inject arbitrary commands via improper argument handling in the put_file_to_qtn parameter, potentially leading to confidentiality and integrity compromise. No official patch is available as of the CVE publication date, though the vendor has released mitigation guidance; this vulnerability is not currently tracked as actively exploited in CISA's Known Exploited Vulnerabilities catalog.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh local control script, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset versions through 8.0.0.28 of the latest SDK and remains unpatched as of the CVE publication date, though the vendor has provided best practices guidance rather than a direct patch. With a CVSS score of 7.7 and local attack vector requirements, this poses significant risk to routers and access points using affected Quantenna chipsets, particularly in multi-user or compromised-local-network scenarios.
A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remote attackers to execute arbitrary commands with high severity (CVSS 8.8). The vulnerability requires valid user credentials but no user interaction, making it exploitable by compromised accounts or insider threats. QNAP has released patches as of March 21, 2025, and exploitation details are limited in public disclosures at this time.
A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later
A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 will fix this issue. It is suggested to upgrade the affected component. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
A command injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
A critical remote code execution vulnerability exists in D-Link DIR-816 firmware version 1.10CNB05, allowing unauthenticated attackers to execute arbitrary OS commands via the /goform/setipsec_config endpoint by manipulating localIP or remoteIP parameters. The vulnerability has a publicly disclosed proof-of-concept exploit and affects end-of-life hardware no longer receiving security updates from D-Link, creating significant risk for deployed instances.
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack can be launched remotely.
A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized command execution path during specific GPU command sequences. KEV-listed alongside CVE-2025-21480, this indicates a systemic issue in Qualcomm's GPU micronode command validation that is being actively exploited in mobile attack chains.
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized command execution during specific GPU command sequences. KEV-listed, this vulnerability enables privilege escalation from the GPU context, potentially allowing app-level attackers to gain kernel access through the GPU driver on Qualcomm-based Android devices.
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
Command Injection Rce (3Rd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection Rce (2Nd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.
Command injection remote code execution vulnerability in HPE StoreOnce Software that allows authenticated attackers with high privileges to execute arbitrary commands on affected systems. The vulnerability has a CVSS score of 7.2 (high severity) and requires authenticated access but no user interaction. Given the command injection nature (CWE-77) and network attack vector, this poses significant risk to organizations running vulnerable HPE StoreOnce deployments, particularly if KEV status or active exploitation is confirmed.
Command Injection Rce in HPE StoreOnce backup storage software. One of 6 critical CVEs.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Critical vulnerability in Diviotec professional series devices that combines arbitrary command injection via a web interface endpoint with hardcoded credentials, allowing authenticated attackers to execute arbitrary commands with high impact on confidentiality, integrity, and availability. The CVSS 8.6 score reflects the severity of command injection paired with hardcoded passwords that eliminate authentication barriers. This vulnerability affects network-accessible professional series devices and represents an immediate risk in environments where these devices are deployed, particularly where adjacent network access is possible.
Critical remote code execution vulnerability affecting Netcom NTC 6200 and NWL 222 series network devices. The vulnerability stems from multiple command injection flaws in the web interface combined with hardcoded credentials, allowing authenticated remote attackers to execute arbitrary commands with elevated privileges. With a CVSS score of 8.6 and an attack vector requiring only adjacent network access and low privileges, this vulnerability poses significant risk to organizations deploying these devices in networked environments.
GetSimple CMS is a content management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An OS Command Injection issue exists in wivia 5 all versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.