Total: 4663 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-12010 | | | 2025-03-11 | N/A | 7.2 HIGH |
A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | |||||
CVE-2024-12009 | | | 2025-03-11 | N/A | 7.2 HIGH |
A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | |||||
CVE-2024-11253 | | | 2025-03-11 | N/A | 7.2 HIGH |
A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | |||||
CVE-2024-27772 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 8.8 HIGH |
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE | |||||
CVE-2023-50214 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21808. | |||||
CVE-2023-50217 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21811. | |||||
CVE-2023-50203 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21296. | |||||
CVE-2023-50198 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21286. | |||||
CVE-2023-50216 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21810. | |||||
CVE-2023-50202 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21295. | |||||
CVE-2023-50204 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21297. | |||||
CVE-2023-50200 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21288. | |||||
CVE-2023-50213 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21807. | |||||
CVE-2023-50215 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21809. | |||||
CVE-2023-50206 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21299. | |||||
CVE-2024-5295 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21294. | |||||
CVE-2023-50205 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21298. | |||||
CVE-2023-50201 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21289. | |||||
CVE-2023-50207 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 8.8 HIGH |
D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21300. | |||||
CVE-2023-26213 | 1 Barracuda | 14 T100b, T100b Firmware, T193a and 11 more | 2025-03-07 | N/A | 7.2 HIGH |
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters. |