Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39935 | 1 Tp-link | 2 Archer C5400, Archer C5400 Firmware | 2023-09-11 | N/A | 8.0 HIGH |
| Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-39224 | 1 Tp-link | 2 Archer C7, Archer C7 Firmware | 2023-09-11 | N/A | 8.0 HIGH |
| Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. | |||||
| CVE-2023-38588 | 1 Tp-link | 2 Archer C3150, Archer C3150 Firmware | 2023-09-11 | N/A | 8.0 HIGH |
| Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-38568 | 1 Tp-link | 2 Archer A10, Archer A10 Firmware | 2023-09-11 | N/A | 8.8 HIGH |
| Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-38563 | 1 Tp-link | 4 Archer C1200, Archer C1200 Firmware, Archer C9 and 1 more | 2023-09-11 | N/A | 8.8 HIGH |
| Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-36489 | 1 Tp-link | 6 Tl-wr802n, Tl-wr802n Firmware, Tl-wr841n and 3 more | 2023-09-11 | N/A | 8.8 HIGH |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. | |||||
| CVE-2023-31188 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2023-09-11 | N/A | 8.0 HIGH |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'. | |||||
| CVE-2023-34127 | 1 Sonicwall | 2 Analytics, Global Management System | 2023-09-08 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2023-25826 | 1 Opentsdb | 1 Opentsdb | 2023-09-08 | N/A | 9.8 CRITICAL |
| Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation. | |||||
| CVE-2023-41149 | 1 F-revocrm | 1 F-revocrm | 2023-09-08 | N/A | 9.8 CRITICAL |
| F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running. | |||||
| CVE-2015-2201 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2023-09-08 | N/A | 7.2 HIGH |
| Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | |||||
| CVE-2023-3572 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-09-08 | N/A | 10.0 CRITICAL |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device. | |||||
| CVE-2023-40839 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2023-09-07 | N/A | 9.8 CRITICAL |
| Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands. | |||||
| CVE-2023-40582 | 1 Find-exec Project | 1 Find-exec | 2023-09-05 | N/A | 9.8 CRITICAL |
| find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source. | |||||
| CVE-2023-40837 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2023-09-01 | N/A | 9.8 CRITICAL |
| Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands. | |||||
| CVE-2023-40838 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2023-09-01 | N/A | 9.8 CRITICAL |
| Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. | |||||
| CVE-2023-23355 | 1 Qnap | 18 Qts, Quts Hero, Qutscloud and 15 more | 2023-09-01 | N/A | 7.2 HIGH |
| An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | |||||
| CVE-2021-36100 | 1 Otrs | 3 Otrs, Otrs Itsm, Otrs Storm | 2023-08-31 | 9.0 HIGH | 8.8 HIGH |
| Specially crafted string in OTRS system configuration can allow the execution of any system command. | |||||
| CVE-2023-1997 | 1 3ds | 1 3dexperience | 2023-08-31 | N/A | 8.8 HIGH |
| An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution. | |||||
| CVE-2023-38025 | 1 Myspotcam | 2 Fhd 2, Fhd 2 Firmware | 2023-08-29 | N/A | 9.8 CRITICAL |
| SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service. | |||||