Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-10958

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-17 Jan, 2020 | 17:53
Updated At-04 Aug, 2024 | 22:40
Rejected At-
Credits

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:17 Jan, 2020 | 17:53
Updated At:04 Aug, 2024 | 22:40
Rejected At:
▼CVE Numbering Authority (CNA)

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.

Affected Products
Vendor
n/a
Product
Geutebruck IP Cameras
Versions
Affected
  • G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior
Problem Types
TypeCWE IDDescription
CWECWE-78IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
Type: CWE
CWE ID: CWE-78
Description: IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.us-cert.gov/ics/advisories/ICSA-19-155-03
x_refsource_MISC
Hyperlink: https://www.us-cert.gov/ics/advisories/ICSA-19-155-03
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.us-cert.gov/ics/advisories/ICSA-19-155-03
x_refsource_MISC
x_transferred
Hyperlink: https://www.us-cert.gov/ics/advisories/ICSA-19-155-03
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:17 Jan, 2020 | 18:15
Updated At:24 Jan, 2020 | 22:16

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches

geutebrueck
geutebrueck
>>g-code_eec-2400_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_eec-2400>>-
cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2110_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2110>>-
cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2111_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2111>>-
cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2240_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2240>>-
cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2241_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2241>>-
cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2250_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2250>>-
cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2230_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2230>>-
cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2240_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2240>>-
cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2239_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2239>>-
cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2249_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2249>>-
cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ewpc-2270_firmware>>Versions up to 1.12.0.25(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ewpc-2270>>-
cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.us-cert.gov/ics/advisories/ICSA-19-155-03ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
Hyperlink: https://www.us-cert.gov/ics/advisories/ICSA-19-155-03
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

1195Records found

CVE-2019-10956
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.2||HIGH
EPSS-2.71% / 84.15%
||
7 Day CHG~0.00%
Published-17 Jan, 2020 | 17:52
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.

Action-Not Available
Vendor-geutebrueckn/a
Product-g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2240_firmwareg-cam_ethc-2249g-cam_ethc-2230_firmwareg-code_eec-2400g-cam_ebc-2111g-cam_efd-2240g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ethc-2230g-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2270_firmwareg-cam_ethc-2240_firmwareGeutebruck IP Cameras
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33553
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-47.46% / 98.70%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33554
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-55.72% / 98.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Command injection in appfile.filename parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33550
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-55.72% / 98.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33544
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-94.62% / 99.85%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: command injection leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33548
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-55.72% / 98.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33552
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-47.46% / 98.70%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33551
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-47.46% / 98.70%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-16205
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.2||HIGH
EPSS-60.44% / 99.03%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 13:56
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).

Action-Not Available
Vendor-geutebrueckn/a
Product-g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2240_firmwareg-cam_ethc-2249g-cam_ethc-2230_firmwareg-code_eec-2400g-cam_ebc-2111g-cam_efd-2240g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ethc-2230g-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2270_firmwareg-cam_ethc-2240_firmwareG-Cam and G-Code
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33545
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-2.65% / 83.78%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in counter parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33547
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-2.65% / 83.78%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-33546
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-2.65% / 83.78%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in name parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-33549
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-66.19% / 99.19%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in action parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-19007
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-3.88% / 88.95%
||
7 Day CHG~0.00%
Published-14 Dec, 2018 | 20:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.

Action-Not Available
Vendor-geutebrueckn/a
Product-g-cam\/ewpc-2275g-cam\/efd-2251_firmwareg-cam\/efd-2251g-cam\/ewpc-2275_firmwareGeutebrück GmbH E2 Camera Series versions prior to 1.12.0.25
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-5173
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-29.58% / 97.96%
||
7 Day CHG~0.00%
Published-19 May, 2017 | 02:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.

Action-Not Available
Vendor-geutebrueckn/a
Product-ip_camera_g-cam_efd-2250_firmwareip_camera_g-cam_efd-2250Geutebruck IP Cameras
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-35576
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-42.29% / 98.53%
||
7 Day CHG~0.00%
Published-25 Jan, 2021 | 00:00
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841ntl-wr841n_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3332
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-3.18% / 86.50%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 17:21
Updated-15 Nov, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110w_wireless-n_vpn_firewall_firmwarerv215w_wireless-n_vpn_router_firmwarerv130w_wireless-n_multifunction_vpn_routerrv110w_wireless-n_vpn_firewallrv130w_wireless-n_multifunction_vpn_router_firmwareCisco RV130W Wireless-N Multifunction VPN Router Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43483
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-1.24% / 65.43%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:37
Updated-07 Nov, 2023 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2022-43483

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.

Action-Not Available
Vendor-sewioSewio
Product-real-time_location_system_studioRTLS Studio
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.94% / 85.45%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 19:19
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-pa6pa6_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-0163
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.99% / 78.23%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 15:33
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.

Action-Not Available
Vendor-OpenshiftRed Hat, Inc.
Product-openshiftOpenshift
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1614
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-4.03% / 89.36%
||
7 Day CHG-0.08%
Published-11 Mar, 2019 | 22:00
Updated-20 Nov, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software NX-API Command Injection Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this vulnerability by sending malicious HTTP or HTTPS packets to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to perform a command-injection attack and execute arbitrary commands with root privileges. Note: NX-API is disabled by default. MDS 9000 Series Multilayer Switches are affected running software versions prior to 8.1(1b) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.3(4)N1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 7.3(3)D1(1) and 8.2(3).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_9000mds_9000nexus_5500nx-osnexus_3000nexus_6000nexus_7000nexus_2000nexus_5600nexus_7700MDS 9000 Series Multilayer SwitchesNexus 9000 Series Switches in Standalone NX-OS ModeNexus 7000 and 7700 Series SwitchesNexus 3500 Platform SwitchesNexus 2000, 5500, 5600, and 6000 Series SwitchesNexus 3000 Series Switches
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-7461
Matching Score-4
Assigner-Amazon
ShareView Details
Matching Score-4
Assigner-Amazon
CVSS Score-7.5||HIGH
EPSS-0.55% / 41.83%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 18:35
Updated-05 May, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration. To remediate this issue, users should upgrade to version 1.103.0.

Action-Not Available
Vendor-amazonAWS
Product-amazon_ecs_container_agentAmazon ECS Agent
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43907
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-1.02% / 59.10%
||
7 Day CHG~0.00%
Published-27 Aug, 2023 | 22:38
Updated-01 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium command execution

IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardiumsecurity_guardium
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-2257
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-0.79% / 51.81%
||
7 Day CHG+0.06%
Published-26 Mar, 2025 | 08:21
Updated-08 Apr, 2026 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.

Action-Not Available
Vendor-BoldGrid (InMotion Hosting, Inc.)
Product-total_upkeepTotal Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43973
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.2||HIGH
EPSS-1.85% / 76.59%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary code execution in Linksys WRT54GL

An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-wrt54glwrt54gl_firmwareWRT54GL Wireless-G Broadband Router
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43538
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.44% / 69.91%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 20:05
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-7103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-4.32% / 89.98%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-email_gatewayn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-8259
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-4.45% / 90.24%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 01:00
Updated-11 May, 2026 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC6 httpd telnet os command injection

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6ac6_firmwareAC6
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-8265
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-4.41% / 90.16%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 02:30
Updated-11 May, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC6 httpd getLogFile get_log_file os command injection

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6ac6_firmwareAC6
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43536
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.41% / 69.39%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 20:03
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43537
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.44% / 69.91%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 20:04
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-8271
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-4.64% / 90.60%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 04:00
Updated-11 May, 2026 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320dns-320_firmwareDNS-320
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-8272
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-5.59% / 91.95%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 04:15
Updated-12 May, 2026 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-320 webfile_mgr.cgi chown os command injection

A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320dns-320_firmwareDNS-320
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-8273
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-4.54% / 90.41%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 04:30
Updated-11 May, 2026 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-320 system_mgr.cgi cgi_merge_user os command injection

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-320dns-320_firmwareDNS-320
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-84.70% / 99.68%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 11:53
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.

Action-Not Available
Vendor-rconfign/a
Product-rconfign/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-8051
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.2||HIGH
EPSS-1.91% / 77.33%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 14:24
Updated-15 May, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-virtual_traffic_managerVirtual Traffic Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-22604
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-5.29% / 91.58%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 17:06
Updated-03 Nov, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cacti has Authenticated RCE via multi-line SNMP responses

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

Action-Not Available
Vendor-The Cacti Group, Inc.
Product-cacticacti
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1674
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-10.76% / 95.29%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-20 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability

A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. This vulnerability is fixed in Cisco Webex Meetings Desktop App Release 33.6.6 and 33.9.1 releases. This vulnerability is fixed in Cisco Webex Productivity Tools Release 33.0.7.

Action-Not Available
Vendor-Cisco Systems, Inc.Microsoft Corporation
Product-windowswebex_meetingswebex_meetings_onlinewebex_productivity_toolsCisco Webex Meetings Desktop AppCisco Webex Productivity Tools
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-25759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.27% / 80.96%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 19:28
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsr-500_firmwaredsr-1000_firmwaredsr-500dsr-500n_firmwaredsr-150dsr-250ndsr-150ndsr-250n_firmwaredsr-1000n_firmwaredsr-250dsr-150n_firmwaredsr-500acdsr-1000ac_firmwaredsr-150_firmwaredsr-1000dsr-1000acdsr-500ac_firmwaredsr-500ndsr-250_firmwaredsr-1000nn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-6204
Matching Score-4
Assigner-ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a
ShareView Details
Matching Score-4
Assigner-ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a
CVSS Score-8.5||HIGH
EPSS-7.53% / 93.76%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 10:56
Updated-22 Apr, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

Action-Not Available
Vendor-LibreNMS
Product-librenmslibrenms
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-6483
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-14.13% / 96.13%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 10:30
Updated-22 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wavlink WL-WN530H4 internet.cgi snprintf os command injection

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-WL-WN530H4
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-6992
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-6.06% / 92.50%
||
7 Day CHG~0.00%
Published-25 Apr, 2026 | 18:00
Updated-30 Apr, 2026 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-mr9600_firmwaremr9600MR9600
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-7096
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-4.08% / 89.46%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 06:45
Updated-30 Apr, 2026 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda HG3 formgponConf os command injection

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-hg3_firmwarehg3HG3
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-7119
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-3.27% / 86.89%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 11:30
Updated-30 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda HG3 formCountrystr os command injection

A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-hg3_firmwarehg3HG3
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-3322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-3.55% / 87.89%
||
7 Day CHG~0.00%
Published-31 Jan, 2020 | 13:40
Updated-06 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-oncommand_system_managern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-2276
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.19%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.

Action-Not Available
Vendor-Jenkins
Product-selection_tasksJenkins Selection tasks Plugin
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-3578
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9||HIGH
EPSS-2.46% / 82.51%
||
7 Day CHG~0.00%
Published-15 Jul, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands.

Action-Not Available
Vendor-waven/a
Product-embassy_remote_administration_server_help_deskembassy_remote_administration_servern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-3576
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9||HIGH
EPSS-66.59% / 99.19%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-47911
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-1.24% / 65.43%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:47
Updated-07 Nov, 2023 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2022-47911

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.

Action-Not Available
Vendor-sewioSewio
Product-real-time_location_system_studioRTLS Studio
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5844
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-5.08% / 91.30%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 04:45
Updated-30 Apr, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-882_firmwaredir-882DIR-882
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 23
  • 24
  • Next
Details not found