Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-3702

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 May, 2019 | 16:54
Updated At-04 Aug, 2024 | 19:19
Rejected At-
Credits

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 May, 2019 | 16:54
Updated At:04 Aug, 2024 | 19:19
Rejected At:
▼CVE Numbering Authority (CNA)

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.sva.de/solutions/it-security.html
x_refsource_MISC
https://www.lifesize.com/en/video-conferencing-cameras
x_refsource_MISC
https://atomic111.github.io/article/lifesize-icon-remote-code-execution
x_refsource_MISC
Hyperlink: https://www.sva.de/solutions/it-security.html
Resource:
x_refsource_MISC
Hyperlink: https://www.lifesize.com/en/video-conferencing-cameras
Resource:
x_refsource_MISC
Hyperlink: https://atomic111.github.io/article/lifesize-icon-remote-code-execution
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.sva.de/solutions/it-security.html
x_refsource_MISC
x_transferred
https://www.lifesize.com/en/video-conferencing-cameras
x_refsource_MISC
x_transferred
https://atomic111.github.io/article/lifesize-icon-remote-code-execution
x_refsource_MISC
x_transferred
Hyperlink: https://www.sva.de/solutions/it-security.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.lifesize.com/en/video-conferencing-cameras
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://atomic111.github.io/article/lifesize-icon-remote-code-execution
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 May, 2019 | 17:29
Updated At:21 Jul, 2021 | 11:39

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
lifesize
lifesize
>>icon_300_firmware>>ls_rm3_3.7.0\(2421\)
cpe:2.3:o:lifesize:icon_300_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
lifesize
lifesize
>>icon_300>>-
cpe:2.3:h:lifesize:icon_300:-:*:*:*:*:*:*:*
lifesize
lifesize
>>icon_500_firmware>>ls_rm3_3.7.0\(2421\)
cpe:2.3:o:lifesize:icon_500_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
lifesize
lifesize
>>icon_500>>-
cpe:2.3:h:lifesize:icon_500:-:*:*:*:*:*:*:*
lifesize
lifesize
>>icon_700_firmware>>ls_rm3_3.7.0\(2421\)
cpe:2.3:o:lifesize:icon_700_firmware:ls_rm3_3.7.0\(2421\):*:*:*:*:*:*:*
lifesize
lifesize
>>icon_700>>-
cpe:2.3:h:lifesize:icon_700:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://atomic111.github.io/article/lifesize-icon-remote-code-executioncve@mitre.org
Exploit
Third Party Advisory
https://www.lifesize.com/en/video-conferencing-camerascve@mitre.org
Product
Vendor Advisory
https://www.sva.de/solutions/it-security.htmlcve@mitre.org
Not Applicable
Hyperlink: https://atomic111.github.io/article/lifesize-icon-remote-code-execution
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.lifesize.com/en/video-conferencing-cameras
Source: cve@mitre.org
Resource:
Product
Vendor Advisory
Hyperlink: https://www.sva.de/solutions/it-security.html
Source: cve@mitre.org
Resource:
Not Applicable

Change History

0
Information is not available yet

Similar CVEs

566Records found
CVE-2018-11144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11181
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11177
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11165
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11170
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11148
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10441
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.23%
||
7 Day CHG-0.68%
Published-15 Sep, 2025 | 10:32
Updated-15 Sep, 2025 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection

A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-D-Link Corporation
Product-DI-8003GDI-8200GDI-8100G
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-6.77% / 91.11%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11173
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11166
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11147
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-25.18% / 96.05%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 18:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-kace_system_management_appliancen/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11174
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10327
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.24% / 78.88%
||
7 Day CHG~0.00%
Published-12 Sep, 2025 | 21:02
Updated-20 Jan, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MiczFlor RPi-Jukebox-RFID shuffle.php os command injection

A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-sourcefabricMiczFlor
Product-rpi-jukebox-rfidRPi-Jukebox-RFID
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10440
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.23%
||
7 Day CHG-0.68%
Published-15 Sep, 2025 | 10:02
Updated-15 Sep, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-DI-8200GDI-8200DI-8003GDI-8003DI-8100DI-8100G
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11175
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11188
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10326
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.04%
||
7 Day CHG-0.02%
Published-12 Sep, 2025 | 20:32
Updated-02 Oct, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MiczFlor RPi-Jukebox-RFID single.php os command injection

A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-sourcefabricMiczFlor
Product-rpi-jukebox-rfidRPi-Jukebox-RFID
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11176
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11179
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11187
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10328
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.68%
||
7 Day CHG-0.01%
Published-12 Sep, 2025 | 21:32
Updated-02 Oct, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MiczFlor RPi-Jukebox-RFID playsinglefile.php os command injection

A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-sourcefabricMiczFlor
Product-rpi-jukebox-rfidRPi-Jukebox-RFID
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11178
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11189
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.44% / 80.41%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-10967
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.65% / 85.41%
||
7 Day CHG~0.00%
Published-18 May, 2018 | 14:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-550a_firmwaredir-604mdir-550adir-604m_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11164
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11172
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-6.77% / 91.11%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11167
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11169
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-disk_backupn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-19907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-9.77% / 92.77%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 19:14
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.

Action-Not Available
Vendor-mitren/a
Product-calderan/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-9793
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-10.00% / 92.88%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 15:31
Updated-01 Nov, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC1206 ate ate_ifconfig_set command injection

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac1206_firmwareac1206AC1206ac1206_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8210
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.59% / 85.26%
||
7 Day CHG~0.00%
Published-27 Aug, 2024 | 18:31
Updated-29 Aug, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 hd_config.cgi sprintf command injection

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_mount leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-340ldnr-202ldns-320lw_firmwaredns-327ldns-1200-05dns-321_firmwaredns-325dns-120dns-343dns-320l_firmwaredns-320dnr-326dns-726-4dns-326_firmwaredns-120_firmwaredns-315ldnr-322ldns-326dns-1200-05_firmwaredns-1100-4_firmwarednr-326_firmwaredns-343_firmwaredns-345_firmwarednr-202l_firmwaredns-1550-04dns-323_firmwaredns-320_firmwaredns-320lwdns-315l_firmwaredns-320ldns-323dns-1100-4dnr-322l_firmwaredns-325_firmwaredns-345dns-1550-04_firmwaredns-726-4_firmwaredns-340l_firmwaredns-321dns-327l_firmwareDNS-326DNR-326DNS-327LDNS-120DNR-202LDNS-321DNS-323DNS-340LDNS-320LWDNR-322LDNS-320LDNS-345DNS-1550-04DNS-1200-05DNS-325DNS-343DNS-315LDNS-726-4DNS-320DNS-1100-4dns-726-4_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-1000019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-28.32% / 96.39%
||
7 Day CHG~0.00%
Published-09 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.

Action-Not Available
Vendor-n/aOpenEMR Foundation, Inc
Product-openemrn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-10354
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-8.8||HIGH
EPSS-4.79% / 89.23%
||
7 Day CHG-1.57%
Published-23 May, 2018 | 16:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-email_encryption_gatewayTrend Micro Email Encryption Gateway
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8808
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-4.58% / 88.96%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 21:03
Updated-20 Dec, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24177.

Action-Not Available
Vendor-cohesiveCohesive Networkscohesive
Product-vns3VNS3vns3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8214
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.42% / 80.29%
||
7 Day CHG~0.00%
Published-27 Aug, 2024 | 20:00
Updated-29 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 hd_config.cgi cgi_FMT_Std2R5_2nd_DiskMGR command injection

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected by this vulnerability is the function cgi_FMT_Std2R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Action-Not Available
Vendor-D-Link Corporation
Product-dns-340ldnr-202ldns-320lw_firmwaredns-327ldns-1200-05dns-321_firmwaredns-325dns-120dns-343dns-320l_firmwaredns-320dnr-326dns-726-4dns-326_firmwaredns-120_firmwaredns-315ldnr-322ldns-326dns-1200-05_firmwaredns-1100-4_firmwarednr-326_firmwaredns-343_firmwaredns-345_firmwarednr-202l_firmwaredns-1550-04dns-323_firmwaredns-320_firmwaredns-320lwdns-315l_firmwaredns-320ldns-323dns-1100-4dnr-322l_firmwaredns-325_firmwaredns-345dns-1550-04_firmwaredns-726-4_firmwaredns-340l_firmwaredns-321dns-327l_firmwareDNS-326DNR-326DNS-327LDNS-120DNR-202LDNS-321DNS-323DNS-340LDNS-320LWDNR-322LDNS-320LDNS-345DNS-1550-04DNS-1200-05DNS-325DNS-343DNS-315LDNS-726-4DNS-320DNS-1100-4dns-726-4_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8574
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.86% / 85.93%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 11:00
Updated-10 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8 cstecgi.cgi setParentalRules os command injection

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t8t8_firmwareAC1200 T8ac1200_t8_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8809
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-4.58% / 88.96%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 21:03
Updated-09 Jan, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24178.

Action-Not Available
Vendor-cohesiveCohesive Networkscohesive
Product-vns3VNS3vns3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0341
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-2.52% / 85.10%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 17:00
Updated-29 Nov, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including arbitrary shell commands in a specific user input field. Cisco Bug IDs: CSCvi51426.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ip_phone_8841ip_phone_8865ip_phone_multiplatform_firmwareip_phone_7811ip_phone_7861ip_phone_8851ip_phone_8861ip_phone_6851ip_phone_7821ip_phone_8845ip_phone_7841ip_phone_8811ip_phone_6841Cisco IP Phone 6800, 7800, and 8800 unknown
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-9001
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.31% / 79.50%
||
7 Day CHG~0.00%
Published-19 Sep, 2024 | 20:00
Updated-24 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 cstecgi.cgi setTracerouteCfg os command injection

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t10_firmwaret10T10t10
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 11
  • 12
  • Next
Details not found