Skip to main content

Command Injection

7747 CVEs technique

Monthly

CVE-2024-48073 CRITICAL Act Now

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-50809 HIGH This Week

The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-45763 HIGH This Week

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Enterprise Sonic Distribution
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-45765 HIGH This Week

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Enterprise Sonic Distribution
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-50591 HIGH This Week

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Microsoft
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2024-10966 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-48954 MEDIUM This Month

An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

RCE Command Injection Siem
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-51736 PHP CRITICAL PATCH Act Now

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Microsoft Symfony
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-20418 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection
NVD
CVSS 3.1
10.0
EPSS
3.1%
CVE-2024-10919 MEDIUM POC This Month

A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Super Jacoco
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.9%
CVE-2024-10915 CRITICAL POC THREAT Act Now

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware Dns 320Lw Firmware Dns 325 Firmware +1
NVD VulDB
CVSS 4.0
9.2
EPSS
79.1%
CVE-2024-10914 CRITICAL POC THREAT Act Now

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware Dns 320Lw Firmware Dns 325 Firmware +1
NVD VulDB
CVSS 4.0
9.2
EPSS
97.4%
CVE-2024-51115 CRITICAL POC Act Now

DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dcme 320 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-48746 CRITICAL Act Now

An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-47461 HIGH This Week

An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-47460 CRITICAL Act Now

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.0
EPSS
1.4%
CVE-2024-42509 CRITICAL Act Now

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-9579 HIGH This Week

A potential vulnerability was discovered in certain Poly video conferencing devices. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection Poly Tc8 Firmware Poly Tc10 Firmware Poly Studio G7500 Firmware Poly Studio X30 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-52022 HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52021 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52020 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52019 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-52018 HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-51024 HIGH This Week

D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.4%
CVE-2024-51023 HIGH This Week

D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-51021 HIGH This Week

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware R7000P Firmware R6400V2 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-51015 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-51010 HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51009 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51008 HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51005 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-50999 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2024-50993 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-45893 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-45891 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-45890 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-45889 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-45888 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.0%
CVE-2024-45887 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-45885 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-45884 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-45882 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2024-51253 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-51251 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-51249 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-51246 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-10035 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an. Rated critical severity (CVSS 9.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Coslat
NVD VulDB
CVSS 4.0
9.2
EPSS
1.1%
CVE-2024-51661 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.19. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2024-10697 MEDIUM POC THREAT This Month

A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac6 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
25.5%
CVE-2024-51252 CRITICAL POC Act Now

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-51248 HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51247 HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51245 HIGH POC This Week

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51244 HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10653 HIGH This Week

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-51260 CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-51255 CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-51259 CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-51254 HIGH This Week

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-8934 MEDIUM This Month

A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-48214 HIGH This Week

KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
8.4
EPSS
1.0%
CVE-2024-36060 HIGH This Week

EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-51258 HIGH This Week

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-51301 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-51300 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-51299 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-51296 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-51257 HIGH This Week

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-51304 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-51568 CRITICAL POC THREAT Emergency

CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cyberpanel
NVD
CVSS 3.1
9.8
EPSS
45.7%
CVE-2024-51378 CRITICAL POC KEV PATCH THREAT Act Now

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Cyberpanel
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
94.8%
CVE-2024-41153 HIGH This Week

Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tro610 Firmware Tro620 Firmware Tro670 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-22065 HIGH This Week

There is a command injection vulnerability in ZTE MF258 Pro product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mf258k Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-48826 HIGH POC This Week

Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Command Injection Ac7 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-48825 HIGH POC This Week

Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Command Injection Ac7 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-48074 HIGH POC This Week

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor2960 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-10435 MEDIUM This Month

A vulnerability was found in didi Super-Jacoco 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.2%
CVE-2024-10429 HIGH POC THREAT This Week

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn530H4 Firmware Wn530Hg4 Firmware Wn572Hg3 Firmware
NVD VulDB
CVSS 4.0
8.6
EPSS
17.2%
CVE-2024-10428 HIGH POC THREAT This Week

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn530H4 Firmware Wn530Hg4 Firmware Wn572Hg3 Firmware
NVD VulDB
CVSS 4.0
8.6
EPSS
14.1%
CVE-2024-47821 PyPI LOW POC PATCH Monitor

pyLoad is a free and open-source Download Manager. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Pyload
NVD GitHub
CVSS 3.1
2.3
EPSS
0.7%
CVE-2024-37845 HIGH This Week

MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Mango
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-48459 HIGH This Week

A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Tenda Command Injection
NVD GitHub
CVSS 3.1
7.3
EPSS
8.2%
CVE-2024-45242 HIGH This Week

EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
34.7%
CVE-2024-48145 CRITICAL Act Now

A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48144 CRITICAL Act Now

A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48142 HIGH This Week

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48141 HIGH This Week

A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48140 HIGH This Week

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48139 HIGH This Week

A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48441 HIGH This Week

Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.6%
EPSS 1% CVSS 9.8
CRITICAL Act Now

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Enterprise Sonic Distribution
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Enterprise Sonic Distribution
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Microsoft
NVD
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

RCE Command Injection Siem
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Microsoft +1
NVD GitHub
EPSS 3% CVSS 10.0
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection
NVD
EPSS 5% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Super Jacoco
NVD GitHub VulDB
EPSS 79% CVSS 9.2
CRITICAL POC THREAT Act Now

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware +3
NVD VulDB
EPSS 97% CVSS 9.2
CRITICAL POC THREAT Act Now

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware +3
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dcme 320 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Command Injection Aruba
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A potential vulnerability was discovered in certain Poly video conferencing devices. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection Poly Tc8 Firmware Poly Tc10 Firmware +6
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware +3
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware +2
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Netgear +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware +3
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Netgear +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 9.2
CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an. Rated critical severity (CVSS 9.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Coslat
NVD VulDB
EPSS 3% CVSS 9.1
CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.19. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 26% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac6 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.4
HIGH This Week

KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 46% CVSS 9.8
CRITICAL POC THREAT Emergency

CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cyberpanel
NVD
EPSS 95% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Cyberpanel
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.2
HIGH This Week

Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tro610 Firmware Tro620 Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

There is a command injection vulnerability in ZTE MF258 Pro product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mf258k Pro Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Command Injection +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Command Injection +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor2960 Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in didi Super-Jacoco 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 17% CVSS 8.6
HIGH POC THREAT This Week

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn530H4 Firmware Wn530Hg4 Firmware +1
NVD VulDB
EPSS 14% CVSS 8.6
HIGH POC THREAT This Week

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn530H4 Firmware Wn530Hg4 Firmware +1
NVD VulDB
EPSS 1% CVSS 2.3
LOW POC PATCH Monitor

pyLoad is a free and open-source Download Manager. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Pyload
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Mango
NVD GitHub
EPSS 8% CVSS 7.3
HIGH This Week

A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Tenda Command Injection
NVD GitHub
EPSS 35% CVSS 7.8
HIGH This Week

EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
Prev Page 35 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy