Total
5156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1608 | 1 Lb-link | 2 Ac1900, Ac1900 Firmware | 2025-11-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-35194 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`. | |||||
| CVE-2023-35193 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8. | |||||
| CVE-2023-34356 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-28528 | 1 Ibm | 2 Aix, Vios | 2025-11-04 | N/A | 8.4 HIGH |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | |||||
| CVE-2023-28381 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-25583 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration. | |||||
| CVE-2023-25582 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration. | |||||
| CVE-2023-24582 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a TCP packet. | |||||
| CVE-2023-24520 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility. | |||||
| CVE-2023-24519 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility. | |||||
| CVE-2022-42493 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_INFO command. | |||||
| CVE-2022-42492 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_AD command. | |||||
| CVE-2022-42491 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's M2M_CONFIG_SET command | |||||
| CVE-2022-42490 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command | |||||
| CVE-2024-31705 | 2025-11-04 | N/A | 9.8 CRITICAL | ||
| An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. | |||||
| CVE-2024-20328 | 1 Clamav | 1 Clamav | 2025-11-04 | N/A | 5.3 MEDIUM |
| A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2023-47618 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-47617 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-47209 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||