Filtered by CWE-77
Filtered by vendor Subscriptions
Total 2150 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-44844 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2024-09-11 8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
CVE-2024-44845 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2024-09-11 8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
CVE-2024-7436 2 D-link, Dlink 3 Di-8100, Di-8100, Di-8100 Firmware 2024-09-11 6.3 Medium
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.
CVE-2024-21903 1 Qnap 2 Qts, Quts Hero 2024-09-11 6.6 Medium
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
CVE-2024-44410 2 D-link, Dlink 3 Di-8300, Di-8300, Di-8300 Firmware 2024-09-10 9.8 Critical
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
CVE-2024-44402 2 D-link, Dlink 3 Di-8100g, Di-8100g, Di-8100g Firmware 2024-09-10 9.8 Critical
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
CVE-2024-42348 1 Fogproject 1 Fogproject 2024-09-10 9.3 Critical
FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395.
CVE-2024-44335 1 Dlink 7 Di-7003g Firmware, Di-7003gv2 Firmware, Di-7100g\+v2 Firmware and 4 more 2024-09-09 8.8 High
D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp.
CVE-2024-44334 1 Dlink 7 Di-7003g Firmware, Di-7003gv2 Firmware, Di-7100g\+v2 Firmware and 4 more 2024-09-09 8.8 High
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgrade_filter.asp.
CVE-2024-42947 1 Tenda 2 Fh1201, Fh1201 Firmware 2024-09-06 9.8 Critical
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-44383 1 Wayos 2 Fbm-291w, Fbm-291w Firmware 2024-09-05 8 High
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
CVE-2024-7833 1 Dlink 2 Di-8100, Di-8100 Firmware 2024-09-03 6.3 Medium
A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-44916 1 Seacms 1 Seacms 2024-09-03 7.2 High
Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution.
CVE-2024-8210 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-29 6.3 Medium
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_mount leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-8211 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-29 6.3 Medium
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulnerability affects the function cgi_FMT_Std2R1_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_newly_dev leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-8212 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-29 6.3 Medium
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_R12R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-8213 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-29 6.3 Medium
A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_FMT_R12R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-8214 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-29 6.3 Medium
A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected by this vulnerability is the function cgi_FMT_Std2R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2024-42905 1 Beijing Digital China Cloud Technology 1 Dcme-320 2024-08-29 9.8 Critical
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file.
CVE-2024-8134 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-27 6.3 Medium
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_Std2R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.