Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2849 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2848 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2847 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2846 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2845 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution | |||||
| CVE-2017-2844 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2843 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2842 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2841 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2018-4021 | 1 Netgate | 1 Pfsense | 2022-06-07 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter. | |||||
| CVE-2018-4020 | 1 Netgate | 1 Pfsense | 2022-06-07 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter parameter. | |||||
| CVE-2018-4019 | 1 Netgate | 1 Pfsense | 2022-06-07 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter. | |||||
| CVE-2017-2873 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2828 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2022-1362 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 9.3 HIGH | 7.3 HIGH |
| The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. | |||||
| CVE-2022-1360 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. | |||||
| CVE-2022-1359 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. | |||||
| CVE-2022-1357 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. | |||||
| CVE-2022-1356 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 7.2 HIGH | 7.8 HIGH |
| cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. | |||||
| CVE-2017-2890 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2022-06-03 | 9.0 HIGH | 8.8 HIGH |
| An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. | |||||