Filtered by CWE-77
Total 2150 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-48861 1 Qnap 1 Qurouter 2024-11-26 N/A
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later.
CVE-2024-38831 1 Vmware 1 Aria Operations 2024-11-26 7.8 High
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
CVE-2023-50089 1 Netgear 2 Wnr2000, Wnr2000 Firmware 2024-11-26 9.8 Critical
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
CVE-2023-50989 1 Tenda 2 I29, I29 Firmware 2024-11-26 9.8 Critical
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.
CVE-2018-0427 1 Cisco 1 Application Policy Infrastructure Controller Enterprise Module 2024-11-26 8.8 High
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco Bug IDs: CSCvi42263.
CVE-2018-0424 1 Cisco 6 Rv110w Firmware, Rv110w Wireless-n Vpn Firewall, Rv130w and 3 more 2024-11-26 8.8 High
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.
CVE-2018-0430 1 Cisco 1 Unified Computing System 2024-11-26 N/A
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.
CVE-2018-0431 1 Cisco 1 Unified Computing System 2024-11-26 N/A
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.
CVE-2018-0433 1 Cisco 12 Vbond Orchestrator, Vedge 100, Vedge 1000 and 9 more 2024-11-26 7.8 High
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
CVE-2018-0454 1 Cisco 2 Cloud Services Platform 2100, Cloud Services Platform 2100 Firmware 2024-11-26 N/A
A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface.
CVE-2018-0477 1 Cisco 1 Ios Xe 2024-11-26 6.7 Medium
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.
CVE-2018-0481 1 Cisco 1 Ios Xe 2024-11-26 6.7 Medium
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.
CVE-2023-49587 1 Sap 1 Solution Manager 2024-11-26 6.4 Medium
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.
CVE-2024-53333 1 Totolink 1 Ex200 Firmware 2024-11-26 6.3 Medium
TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.
CVE-2024-51027 1 Ruijienetworks 1 Rg-nbr Rgos Firmware 2024-11-25 6.5 Medium
Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter.
CVE-2024-39577 1 Dell 1 Smartfabric Os10 2024-11-25 7.1 High
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution.
CVE-2023-24467 1 Opentext 1 Imanager 2024-11-25 8.8 High
Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
CVE-2021-38116 1 Opentext 1 Imanager 2024-11-25 8.8 High
Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5.
CVE-2024-45348 1 Mi 2 Ax9000, Ax9000 Firmware 2024-11-25 6.4 Medium
Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.
CVE-2023-0611 1 Trendnet 2 Tew-652brp, Tew-652brp Firmware 2024-11-25 8.8 High
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935.