Total
1755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43207 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. | |||||
| CVE-2023-43202 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. | |||||
| CVE-2023-43138 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2023-09-22 | N/A | 8.8 HIGH |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | |||||
| CVE-2023-43137 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2023-09-22 | N/A | 8.8 HIGH |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | |||||
| CVE-2023-39638 | 1 Dlink | 2 Dir-859 A1, Dir-859 A1 Firmware | 2023-09-20 | N/A | 9.8 CRITICAL |
| D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. | |||||
| CVE-2023-33831 | 1 Frangoteam | 1 Fuxa | 2023-09-19 | N/A | 9.8 CRITICAL |
| A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. | |||||
| CVE-2023-34999 | 1 Bosch | 1 Rts Vlink Virtual Matrix | 2023-09-19 | N/A | 7.2 HIGH |
| A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. | |||||
| CVE-2023-3710 | 1 Honeywell | 2 Pm43, Pm43 Firmware | 2023-09-19 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | |||||
| CVE-2023-41011 | 1 Chinamobile | 2 Intelligent Home Gateway, Intelligent Home Gateway Firmware | 2023-09-19 | N/A | 9.8 CRITICAL |
| Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component. | |||||
| CVE-2023-39780 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2023-09-14 | N/A | 8.8 HIGH |
| ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability. | |||||
| CVE-2023-39637 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-09-13 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. | |||||
| CVE-2023-38829 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2023-09-13 | N/A | 8.8 HIGH |
| An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | |||||
| CVE-2023-23333 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2023-09-06 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. | |||||
| CVE-2023-23355 | 1 Qnap | 18 Qts, Quts Hero, Qutscloud and 15 more | 2023-09-01 | N/A | 7.2 HIGH |
| An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | |||||
| CVE-2023-25649 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2023-08-31 | N/A | 8.8 HIGH |
| There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. | |||||
| CVE-2023-39834 | 1 Pbootcms | 1 Pbootcms | 2023-08-29 | N/A | 9.8 CRITICAL |
| PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. | |||||
| CVE-2023-38027 | 1 Myspotcam | 2 Sense, Sense Firmware | 2023-08-29 | N/A | 9.8 CRITICAL |
| SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-37469 | 1 Icewhale | 1 Casaos | 2023-08-29 | N/A | 8.8 HIGH |
| CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue. | |||||
| CVE-2023-22815 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2023-08-28 | N/A | 6.7 MEDIUM |
| Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high. This issue affects My Cloud OS 5 devices: before 5.26.300. | |||||
| CVE-2020-22570 | 1 Memcached | 1 Memcached | 2023-08-25 | N/A | 7.5 HIGH |
| Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | |||||