Vulnerabilities (CVE)

Filtered by CWE-77
Total 2267 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5126 2025-05-28 9.0 HIGH 8.8 HIGH
A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-48419 1 Edimax 2 Br-6476ac, Br-6476ac Firmware 2025-05-28 N/A 8.8 HIGH
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with "root" privileges.
CVE-2024-46089 1 74cms 1 74cms 2025-05-28 N/A 6.3 MEDIUM
74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.
CVE-2025-1845 1 Esafenet 1 Dsm 2025-05-28 6.5 MEDIUM 6.3 MEDIUM
A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Affected by this vulnerability is the function examExportPDF of the file /admin/plan/examExportPDF. The manipulation of the argument s leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-49437 1 Tenda 2 Ax12, Ax12 Firmware 2025-05-28 N/A 9.8 CRITICAL
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
CVE-2023-40301 1 Netscout 1 Ngeniuspulse 2025-05-28 N/A 9.8 CRITICAL
NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability.
CVE-2022-37881 1 Arubanetworks 1 Clearpass Policy Manager 2025-05-28 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.
CVE-2022-37879 1 Arubanetworks 1 Clearpass Policy Manager 2025-05-28 N/A 7.2 HIGH
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.
CVE-2025-44835 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2025-05-28 N/A 6.3 MEDIUM
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell.
CVE-2025-3249 1 Totolink 2 A6000r, A6000r Firmware 2025-05-28 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4009 2025-05-28 N/A N/A
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ‘ewb’ by Evertz. This web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices. This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.
CVE-2025-5139 2025-05-28 7.5 HIGH 7.3 HIGH
A vulnerability was found in Qualitor 8.20. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php. The manipulation of the argument nmconexao leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5145 2025-05-28 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0528 1 Tenda 6 Ac10, Ac10 Firmware, Ac18 and 3 more 2025-05-28 8.3 HIGH 7.2 HIGH
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-44864 1 Tenda 2 W20e, W20e Firmware 2025-05-27 N/A 6.3 MEDIUM
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2025-44865 1 Tenda 2 W20e, W20e Firmware 2025-05-27 N/A 6.3 MEDIUM
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2025-44866 1 Tenda 2 W20e, W20e Firmware 2025-05-27 N/A 6.3 MEDIUM
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2025-44867 1 Tenda 2 W20e, W20e Firmware 2025-05-27 N/A 6.3 MEDIUM
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2024-37642 1 Trendnet 2 Tew-814dap, Tew-814dap Firmware 2025-05-27 N/A 9.1 CRITICAL
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck .
CVE-2024-38903 1 H3c 2 Magic R230, Magic R230 Firmware 2025-05-27 N/A 4.1 MEDIUM
H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.