Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-0636

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-09 Jan, 2019 | 22:00
Updated At-05 Aug, 2024 | 03:35
Rejected At-
Credits

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:09 Jan, 2019 | 22:00
Updated At:05 Aug, 2024 | 03:35
Rejected At:
▼CVE Numbering Authority (CNA)

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.

Affected Products
Vendor
NEC CorporationNEC Corporation
Product
HC100RC
Versions
Affected
  • Ver1.0.1 and earlier
Problem Types
TypeCWE IDDescription
textN/AOS Command Injection
Type: text
CWE ID: N/A
Description: OS Command Injection
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jvn.jp/en/jp/JVN84825660/index.html
third-party-advisory
x_refsource_JVN
https://jpn.nec.com/security-info/secinfo/nv18-011.html
x_refsource_MISC
Hyperlink: https://jvn.jp/en/jp/JVN84825660/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: https://jpn.nec.com/security-info/secinfo/nv18-011.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jvn.jp/en/jp/JVN84825660/index.html
third-party-advisory
x_refsource_JVN
x_transferred
https://jpn.nec.com/security-info/secinfo/nv18-011.html
x_refsource_MISC
x_transferred
Hyperlink: https://jvn.jp/en/jp/JVN84825660/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: https://jpn.nec.com/security-info/secinfo/nv18-011.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:09 Jan, 2019 | 23:29
Updated At:15 Jan, 2019 | 19:52

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.2HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
NEC Corporation
nec
>>aterm_hc100rc_firmware>>Versions up to 1.0.1(inclusive)
cpe:2.3:o:nec:aterm_hc100rc_firmware:*:*:*:*:*:*:*:*
NEC Corporation
nec
>>aterm_hc100rc>>-
cpe:2.3:h:nec:aterm_hc100rc:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jpn.nec.com/security-info/secinfo/nv18-011.htmlvultures@jpcert.or.jp
Vendor Advisory
https://jvn.jp/en/jp/JVN84825660/index.htmlvultures@jpcert.or.jp
Third Party Advisory
Hyperlink: https://jpn.nec.com/security-info/secinfo/nv18-011.html
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: https://jvn.jp/en/jp/JVN84825660/index.html
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

666Records found
CVE-2018-16194
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.59% / 68.22%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wf1200craterm_wg1200craterm_wg1200cr_firmwareaterm_wf1200cr_firmwareAterm WF1200CR and Aterm WG1200CR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0628
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wg1200hp_firmwareaterm_wg1200hpWG1200HP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0638
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_hc100rc_firmwareaterm_hc100rcHC100RC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0639
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.59% / 68.22%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_hc100rc_firmwareaterm_hc100rcHC100RC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0629
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_w300p_firmwareaterm_w300pAterm W300P
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0630
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_w300p_firmwareaterm_w300pAterm W300P
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0625
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wg1200hp_firmwareaterm_wg1200hpWG1200HP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0627
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wg1200hp_firmwareaterm_wg1200hpWG1200HP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0634
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.59% / 68.22%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_hc100rc_firmwareaterm_hc100rcHC100RC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0635
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.59% / 68.22%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_hc100rc_firmwareaterm_hc100rcHC100RC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20740
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-2.37% / 84.32%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 00:50
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.

Action-Not Available
Vendor-Hitachi, Ltd.NEC Corporation
Product-virtual_file_platformnas_gateway_nh4c_firmwarenas_gateway_nh4a_firmwarenas_gateway_nh4cnas_gateway_nh8b_firmwarenas_gateway_nh8c_firmwarenas_gateway_nh8a_firmwarenas_gateway_nh4anas_gateway_nh4b_firmwarenas_gateway_nh4bnas_gateway_nh8bnas_gateway_nh8anas_gateway_nh8cHitachi Virtual File Platform and NEC Storage M Series NAS Gateway which uses Hitachi Virtual File Platform
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0637
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_hc100rc_firmwareaterm_hc100rcHC100RC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0631
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_w300p_firmwareaterm_w300pAterm W300P
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20708
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.69% / 70.83%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 00:20
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wf1200craterm_wg1200craterm_wg1200cr_firmwareaterm_wg2600hs_firmwareaterm_wg2600hsaterm_wf1200cr_firmwareNEC Aterm devices
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0626
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wg1200hp_firmwareaterm_wg1200hpWG1200HP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0640
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-2.04% / 83.08%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_hc100rc_firmwareaterm_hc100rcHC100RC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-0633
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-1.69% / 81.47%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_w300p_firmwareaterm_w300pAterm W300P
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-0641
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-2.04% / 83.08%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_hc100rc_firmwareaterm_hc100rcHC100RC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-0632
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-1.69% / 81.47%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_w300p_firmwareaterm_w300pAterm W300P
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-20709
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.26% / 48.78%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 00:20
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wf1200craterm_wg1200craterm_wg1200cr_firmwareaterm_wg2600hs_firmwareaterm_wg2600hsaterm_wf1200cr_firmwareNEC Aterm devices
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-1999-0043
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.59% / 80.90%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

Action-Not Available
Vendor-bsdin/absdiThe MITRE Corporation (Caldera)Netscape (Yahoo Inc.)NEC CorporationInternet Systems Consortium, Inc.Red Hat, Inc.
Product-bsd_osgoah_intrasvnews_serverlinuxinnopenlinuxgoah_networksvn/absd_oslinuxopenlinuxgoah_intrasvgoah_networksvnews_serverinn
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-16195
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 53.99%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wf1200craterm_wg1200craterm_wg1200cr_firmwareaterm_wf1200cr_firmwareAterm WF1200CR and Aterm WG1200CR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-3741
Matching Score-6
Assigner-NEC Corporation
ShareView Details
Matching Score-6
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 66.86%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 00:55
Updated-02 Dec, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.

Action-Not Available
Vendor-NEC Platforms, Ltd.NEC Corporation
Product-itk-12dg-1p\(bk\)telitk-6dgs-1\(bk\)telitk-8tcgx-1\(bk\)tel_firmwareitk-6dgs-1p\(bk\)tel_firmwareitk-32lcg-1p\(bk\)tel_firmwareitk-32lcg-1p\(bk\)telitk-6dgs-1a\(bk\)telitk-32tcgs-1\(bk\)tel_firmwareitk-8lcx-1p\(bk\)tel_firmwareitk-32lcgs-1a\(bk\)telitk-12dg-1p\(bk\)tel_firmwareitk-6d-1p\(bk\)tel_firmwareitk-8lcx-1\(bk\)tel_firmwareitk-8tcgx-1p\(bk\)telitk-6dg-1p\(bk\)tel_firmwareitk-8tcgx-1p\(bk\)tel_firmwareitk-32tcg-1p\(bk\)telitk-6d-1\(bk\)tel_firmwareitk-32tcgs-1p\(bk\)telitk-32tcg-1p\(bk\)tel_firmwareitk-32lcgs-1p\(bk\)telitk-32tcgs-1a\(bk\)tel_firmwareitk-6dg-1p\(bk\)telitk-8lcg-1p\(bk\)telitk-8tcgx-1\(bk\)telitk-6d-1\(bk\)telitk-32tcgs-1a\(bk\)telitk-32lcgs-1a\(bk\)tel_firmwareitk-6d-1p\(bk\)telitk-12d-1p\(bk\)tel_firmwareitk-32lcgs-1\(bk\)tel_firmwareitk-8lcx-1p\(bk\)telitk-32lcgs-1p\(bk\)tel_firmwareitk-12d-1\(bk\)tel_firmwareitk-12d-1\(bk\)telitk-6dgs-1\(bk\)tel_firmwareitk-8lcg-1p\(bk\)tel_firmwareitk-6dgs-1a\(bk\)tel_firmwareitk-32tcgs-1\(bk\)telitk-6dgs-1p\(bk\)telitk-32tcgs-1p\(bk\)tel_firmwareitk-32lcgs-1\(bk\)telitk-8lcx-1\(bk\)telitk-12d-1p\(bk\)telITK-6DGS-1P(BK) TELITK-32LCGS-1P(BK) TELITK-6DG-1P(BK)TELITK-32LCGS-1(BK) TELITK-8TCGX-1(BK)TELITK-6DGS-1A(BK) TELITK-8LCG-1P(BK)TELITK-8LCX-1(BK)TELITK-8TCGX-1P(BK)TELITK-32TCG-1P(BK)TELITK-32TCGS-1A(BK) TELITK-12D-1P(BK)TELITK-6D-1(BK)TELITK-32TCGS-1(BK) TELITK-6D-1P(BK)TELITK-6DGS-1(BK) TELITK-32LCGS-1A(BK) TELITK-12D-1(BK)TELITK-32LCG-1P(BK)TELITK-12DG-1P(BK)TELITK-8LCX-1P(BK)TELITK-32TCGS-1P(BK) TEL
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20711
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 69.82%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 00:20
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wg2600hs_firmwareaterm_wg2600hsAterm WG2600HS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-0356
Matching Score-6
Assigner-NEC Corporation
ShareView Details
Matching Score-6
Assigner-NEC Corporation
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.19%
||
7 Day CHG+0.01%
Published-15 Jan, 2025 | 07:24
Updated-03 Apr, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands via the network.

Action-Not Available
Vendor-NEC Corporation
Product-WX1500HPWX3600HP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-3333
Matching Score-6
Assigner-NEC Corporation
ShareView Details
Matching Score-6
Assigner-NEC Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 22.44%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 01:33
Updated-04 Dec, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wr8175naterm_wr8370n_firmwareaterm_wr8750n_firmwareaterm_wr8370naterm_wf300hpaterm_wr8170naterm_wg600hp_firmwareaterm_wg300hp_firmwareaterm_wg1800hpaterm_wg1800hp2aterm_wg300hpaterm_wg1800hp2_firmwareaterm_wr8600n_firmwareaterm_wf300hp_firmwareaterm_wg1400hp_firmwareaterm_wr9500n_firmwareaterm_wg2200hpaterm_wr9500naterm_wg2200hp_firmwareaterm_wr9300naterm_wg1800hp_firmwareaterm_wg2600hpaterm_wg2600hp2_firmwareaterm_wg600hpaterm_wr8600naterm_wr8170n_firmwareaterm_wr8700n_firmwareaterm_wg2600hp_firmwareaterm_wr9300n_firmwareaterm_wg1400hpaterm_wr8700naterm_wg2600hp2aterm_wr8175n_firmwareaterm_wr8750nAterm WR8170NAterm WG2600HPAterm WR8700NAterm WR9500NAterm WR8175NAterm WG2600HP2Aterm WR9300NAterm WG1800HP2Aterm WG1800HPAterm WR8370NAterm WG2200HPAterm WF300HPAterm WG300HPAterm WG1400HPAterm WR8750NAterm WR8600NAterm WG600HP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5636
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 47.49%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 02:25
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.

Action-Not Available
Vendor-NEC Platforms, Ltd.NEC Corporation
Product-aterm_sa3500gaterm_sa3500g_firmwareAterm SA3500G
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5525
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8||HIGH
EPSS-0.23% / 45.61%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 09:15
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wg1200craterm_wf1200c_firmwareaterm_wg1200cr_firmwareaterm_wg2600hs_firmwareaterm_wf1200caterm_wg2600hsAterm series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5534
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8||HIGH
EPSS-0.23% / 45.61%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 09:15
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wg2600hs_firmwareaterm_wg2600hsAterm WG2600HS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-25621
Matching Score-6
Assigner-NEC Corporation
ShareView Details
Matching Score-6
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.96% / 75.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands.

Action-Not Available
Vendor-NEC Platforms, Ltd.NEC Corporation
Product-univerge_wa2020univerge_wa2611-ap_firmwareuniverge_wa2610-ap_firmwareuniverge_wa1511_firmwareuniverge_wa2611-apuniverge_wa1510_firmwareuniverge_wa1020univerge_wa2612-apuniverge_wa2612-ap_firmwareuniverge_wa2020_firmwareuniverge_wa1510univerge_wa2610-apuniverge_wa1512_firmwareuniverge_wa1512univerge_wa1511univerge_wa2021univerge_wa1020_firmwareuniverge_wa2021_firmwareuniverge_wa2611e-apuniverge_wa2611e-ap_firmwareUNIVERGE DT
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-40895
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.4||MEDIUM
EPSS-0.41% / 60.28%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 08:37
Updated-02 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.

Action-Not Available
Vendor-Sky Co., Ltd.FFRI Security, Inc.skygroupffriNEC Corporation
Product-FFRI AMCFFRI AMC for ActSecure χEDR Plus Packffri_amcedr_plus_pack_cloudedr_plus_pack
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5685
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 68.89%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 09:40
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL.

Action-Not Available
Vendor-NEC Corporation
Product-univerge_sv8500univerge_sv9500_firmwareuniverge_sv8500_firmwareuniverge_sv9500UNIVERGE SV9500/SV8500 series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5635
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.71%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 02:25
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.

Action-Not Available
Vendor-NEC Platforms, Ltd.NEC Corporation
Product-aterm_sa3500gaterm_sa3500g_firmwareAterm SA3500G
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-28015
Matching Score-6
Assigner-NEC Corporation
ShareView Details
Matching Score-6
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.36%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:56
Updated-14 Jan, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

Action-Not Available
Vendor-NEC Corporation
Product-WR6600HWM3500RW300PWR8300NWR1200HWR6670SWG600HPWF1200HP2WM3400RNWM3800RWR9300NWR8166NWG1800HP4WG2200HPWR8165NWG1200HS3WR6650SWM3450RNWG1200HSWF300HP2WG1200HP3WG1900HP2WF800HPWR8400NWR9500NWR8100NWF1200HPWR8160NWR7800HWR8500NWG1810HP(JE)WG1810HP(MF)WR4500NWR8200NWR8170NWG1800HP2CR2500PWR8600NWG1800HPWG1200HPWF300HPWM3600RWG1900HPWR8150NWG1200HS2WR4100NWG1400HPWR8370NWR8750NWR8175NWR7870SWG1800HP3WG1200HP2WR7850SMR01LNWG300HPMR02LNWR8700NW1200EX(-MS)aterm_wg1800hp4_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5524
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.22% / 45.04%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 09:15
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wf1200caterm_wg1200craterm_wg1200cr_firmwareaterm_wg2600hs_firmwareaterm_wf1200c_firmwareaterm_wg2600hsAterm series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-38965
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-2.31% / 84.14%
||
7 Day CHG~0.00%
Published-17 Jan, 2022 | 17:15
Updated-17 Sep, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346.

Action-Not Available
Vendor-IBM Corporation
Product-filenet_content_managerFileNet Content Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-9276
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-83.84% / 99.25%
||
7 Day CHG~0.00%
Published-02 Jul, 2018 | 16:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-25||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.

Action-Not Available
Vendor-paesslern/aPaessler
Product-prtg_network_monitorn/aPRTG Network Monitor
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-4965
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.70% / 91.54%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiwann/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-6926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.56% / 67.28%
||
7 Day CHG~0.00%
Published-12 Feb, 2018 | 17:00
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.

Action-Not Available
Vendor-mispn/a
Product-mispn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-22123
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.6||HIGH
EPSS-85.70% / 99.33%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:58
Updated-25 Oct, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortinet FortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-8735
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-76.53% / 98.90%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 00:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xin/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-9086
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-2.09% / 83.31%
||
7 Day CHG~0.00%
Published-16 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Legacy Server BMC Remote Command Injection

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkserver_rd340thinkserver_rd640_firmwarethinkserver_rd440thinkserver_td340_firmwarethinkserver_rd640thinkserver_rd340_firmwarethinkserver_rd440_firmwarethinkserver_td340ThinkServer BMC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2011-0374
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9||HIGH
EPSS-1.63% / 81.13%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_system_1100telepresence_system_softwaretelepresence_system_1300_seriestelepresence_system_3000telepresence_system_1000telepresence_system_3200_seriestelepresence_system_500_seriesn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-7082
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.35% / 79.29%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 16:49
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-aruba_instantscalance_w1750d_firmwarescalance_w1750dAruba Instant (IAP)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-6831
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.44% / 79.89%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote authenticated users to execute arbitrary commands via a ';' in the ntpServer argument. NOTE: this issue exists because of an incomplete fix for CVE-2017-2849.

Action-Not Available
Vendor-foscamn/a
Product-fi9851pfi9928p_firmwarefi9815p_firmwarefi9821pfi9851p_firmwarefi9821ep_firmwarefi9831pfi9815pc1_lite_firmwarefi9805w_firmwarefi9803epfi9961ep_firmwarefi9804w_firmwarec2_firmwarefi9828pfi9828p_firmwarefi9804p_firmwarer4fi9961epfi9821w_firmwarec1_liter4_firmwarefi9901epfi9900epfi9816pc2fi9803ep_firmwarefi9828w_firmwarefi9828wfi9800pfi9826p_firmwarefi9928pfi9853ep_firmwarefi9821epfi9821p_firmwarefi9831p_firmwarefi9803p_firmwarefi9900p_firmwarefi9805efi9900ep_firmwarefi9826wfi9805e_firmwarefi9831w_firmwarefi9818w_firmwarefi9826w_firmwarefi9800p_firmwarefi9853epfi9805p_firmwarefi9826pc1_firmwarec1fi9831wfi9805pfi9804wr2fi9901ep_firmwarefi9803pfi9804pfi9900pfi9818wr2_firmwarefi9816p_firmwarefi9821wfi9805wn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-0328
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.2||HIGH
EPSS-1.09% / 76.99%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 19:10
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.

Action-Not Available
Vendor-SAP SE
Product-netweaver_process_integrationSAP NetWeaver Process Integration ABAP tests (SAP Basis)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2009-4644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-19 Feb, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.

Action-Not Available
Vendor-n/aAccellion (Kiteworks USA, LLC)
Product-secure_file_transfer_appliancen/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-10709
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-77.89% / 98.96%
||
7 Day CHG~0.00%
Published-22 Jan, 2018 | 04:00
Updated-06 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.

Action-Not Available
Vendor-pfsensen/a
Product-pfsensen/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2010-4278
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-10.32% / 92.88%
||
7 Day CHG~0.00%
Published-02 Dec, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php.

Action-Not Available
Vendor-n/aPandora FMS S.L.U.
Product-pandora_fmsn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-1297
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 68.83%
||
7 Day CHG~0.00%
Published-26 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-application_control_engine_softwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found