Vulnerabilities (CVE)

Filtered by CWE-78
Total 3673 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25555 1 Schneider-electric 1 Struxureware Data Center Expert 2023-04-27 N/A 8.1 HIGH
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
CVE-2022-43548 2 Debian, Nodejs 2 Debian Linux, Node.js 2023-04-27 N/A 8.1 HIGH
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
CVE-2018-17066 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2023-04-26 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.
CVE-2018-19987 2 D-link, Dlink 13 Dir-818lw Firmware, Dir-822 Firmware, Dir-860l Firmware and 10 more 2023-04-26 10.0 HIGH 9.8 CRITICAL
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
CVE-2013-5946 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2023-04-26 10.0 HIGH N/A
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
CVE-2020-6841 1 Dlink 2 Dch-m225, Dch-m225 Firmware 2023-04-26 10.0 HIGH 9.8 CRITICAL
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
CVE-2020-6842 1 Dlink 2 Dch-m225, Dch-m225 Firmware 2023-04-26 9.0 HIGH 7.2 HIGH
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.
CVE-2019-20499 1 Dlink 2 Dwl-2600ap, Dwl-2600ap Firmware 2023-04-26 7.2 HIGH 7.8 HIGH
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.
CVE-2020-24581 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2023-04-26 7.7 HIGH 8.0 HIGH
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.
CVE-2017-17020 1 Dlink 6 Dcs-5009, Dcs-5009 Firmware, Dcs-5010 and 3 more 2023-04-26 6.5 MEDIUM 8.8 HIGH
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.
CVE-2018-17068 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2023-04-26 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.
CVE-2018-19989 2 D-link, Dlink 3 Dir-822 Firmware, Dir-822, Dir-822 Firmware 2023-04-26 10.0 HIGH 9.8 CRITICAL
In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string.
CVE-2019-20500 1 Dlink 2 Dwl-2600ap, Dwl-2600ap Firmware 2023-04-26 7.2 HIGH 7.8 HIGH
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.
CVE-2018-17064 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2023-04-26 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.
CVE-2019-20501 1 Dlink 2 Dwl-2600ap, Dwl-2600ap Firmware 2023-04-26 7.2 HIGH 7.8 HIGH
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.
CVE-2018-17063 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2023-04-26 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
CVE-2018-20057 2 D-link, Dlink 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more 2023-04-26 9.0 HIGH 8.8 HIGH
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.
CVE-2018-6211 2 D-link, Dlink 2 Dir-620 Firmware, Dir-620 2023-04-26 9.0 HIGH 7.2 HIGH
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2019-7297 2 D-link, Dlink 2 Dir-823g Firmware, Dir-823g 2023-04-26 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input.
CVE-2018-19986 2 D-link, Dlink 4 Dir-818lw Firmware, Dir-822 Firmware, Dir-818lw and 1 more 2023-04-26 10.0 HIGH 9.8 CRITICAL
In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string.