Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7848

Summary
Assigner-krcert
Assigner Org ID-cdd7a122-0fae-4202-8d86-14efbacc2863
Published At-17 Feb, 2021 | 13:29
Updated At-04 Aug, 2024 | 09:41
Rejected At-
Credits

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:krcert
Assigner Org ID:cdd7a122-0fae-4202-8d86-14efbacc2863
Published At:17 Feb, 2021 | 13:29
Updated At:04 Aug, 2024 | 09:41
Rejected At:
▼CVE Numbering Authority (CNA)

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

Affected Products
Vendor
EFM networks & multimedia
Product
ipTIME C200 IP Camera
Platforms
  • Windows
Versions
Affected
  • From 1.0.12 through 1.0.12 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
x_refsource_MISC
Hyperlink: https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
x_refsource_MISC
x_transferred
Hyperlink: https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vuln@krcert.or.kr
Published At:17 Feb, 2021 | 14:15
Updated At:18 Feb, 2021 | 15:43

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.7HIGH
AV:A/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.7
Base severity: HIGH
Vector:
AV:A/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
iptime
iptime
>>c200>>-
cpe:2.3:h:iptime:c200:-:*:*:*:*:*:*:*
iptime
iptime
>>c200_firmware>>1.0.12
cpe:2.3:o:iptime:c200_firmware:1.0.12:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE-20Secondaryvuln@krcert.or.kr
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: vuln@krcert.or.kr
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905vuln@krcert.or.kr
Third Party Advisory
Hyperlink: https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
Source: vuln@krcert.or.kr
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

105Records found
CVE-2020-7847
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.4||HIGH
EPSS-0.27% / 50.47%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 15:39
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.

Action-Not Available
Vendor-iptimeEFM Networks
Product-nas1dualnas3nas101nas4dualnas4_firmwarenas2dual_firmwarenas101_firmwarenas3_firmwarenas-iienas2dualnas-ii_firmwarenas-i_firmwarenas-inas4dual_firmwarenas-iie_firmwarenas-iinas1dual_firmwarenas4ipTIME NAS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-39963
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.79% / 81.98%
||
7 Day CHG+1.46%
Published-19 Jul, 2024 | 00:00
Updated-04 Jun, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax9ax9_firmwareax12ax12_firmwaren/aax12_firmwareax9_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-25530
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8||HIGH
EPSS-0.32% / 54.02%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:09
Updated-24 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25651
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.64%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 07:03
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection Vulnerability in Some ZTE Mobile Internet Products

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

Action-Not Available
Vendor-ZTE Corporation
Product-mf833u1_firmwaremf286r_firmwaremf833u1mf286rMobile Internet Products
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33788
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.93% / 82.63%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-11 Jun, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint.

Action-Not Available
Vendor-n/aLinksys Holdings, Inc.
Product-e5600e5600_firmwaren/ae5600_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-31811
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.48% / 80.22%
||
7 Day CHG+0.39%
Published-08 Apr, 2024 | 00:00
Updated-18 Mar, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex200_firmwareex200n/aex200_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-32355
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.84% / 73.85%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:00
Updated-04 Apr, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000r_firmwarex5000rn/ax5000r_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-30572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.97% / 75.68%
||
7 Day CHG+0.25%
Published-03 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6850_firmwarer6850n/ar6850_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-28726
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.31% / 53.82%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 00:00
Updated-13 Nov, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-n/adwr-2000m_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-44611
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 9.93%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-13 Feb, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_w-1350_firmwarecore_i3-9100_firmwarecore_i7-11850he_firmwarecore_i7-11370h_firmwarexeon_e-2378gcore_i7-1068ng7core_i7-1160g7core_i5-1035g7core_i3-10105f_firmwarecore_i3-8350k_firmwarecore_i3-9350k_firmwarexeon_e-2124g_firmwarecore_i7-9700kfcore_i5-8305g_firmwarexeon_e-2314xeon_e-2254me_firmwarecore_i7-10870h_firmwarecore_i5-8400hpentium_n6415_firmwarexeon_e-2276me_firmwarecore_i3-1110g4_firmwarecore_i5-11600_firmwarecore_i3-1110g4core_i7-1060g7_firmwarecore_i7-9700core_i5-10200hxeon_e-2226gcore_i9-9900kfcore_i3-10100f_firmwarecore_i5-1035g4core_i3-8145ucore_i5-10400hcore_i7-10700k_firmwarecore_i7-11700xeon_e-2276m_firmwarecore_i5-9600_firmwarecore_i5-9600t_firmwarecore_i3-10100ycore_i7-9700tecore_i5-10400tcore_i3-8109ucore_i7-11370hcore_i5-10310ucore_i5-9400f_firmwarecore_i9-11900txeon_e-2224xeon_e-2186m_firmwarecore_i7-10700t_firmwarecore_i7-9700f_firmwarecore_i7-1195g7_firmwarecore_i5-9500e_firmwarecore_i5-11600txeon_e-2378core_i7-11850hcore_i5-8269u_firmwarecore_i9-11900xeon_e-2278gexeon_e-2134_firmwarecore_i5-10600_firmwarecore_i3-9100hlcore_i5-10400core_i5-8400bcore_i3-9300t_firmwarecore_i7-10610u_firmwarecore_i7-10710u_firmwarecore_i5-10500tecore_i5-9500_firmwarecore_i7-11850hecore_i5-11600core_i5-8400h_firmwarecore_i3-9100tecore_i7-9700fcore_i9-10980hkcore_i5-8600xeon_e-2136core_i7-9700kcore_i7-10510ucore_i5-9400_firmwarecore_i5-10400t_firmwarecore_i7-8500y_firmwarecore_i3-10100ecore_i3-8100core_i7-1060g7core_i9-11900hcore_i9-10900core_i5-11600k_firmwarexeon_w-1390p_firmwarecore_i3-11100hexeon_e-2374g_firmwarecore_i3-10100txeon_w-1390t_firmwarecore_i7-11700k_firmwarecore_i9-10900kcore_i3-10325_firmwarexeon_e-2386gcore_i5-8600kcore_i7-10700te_firmwarecore_i7-8700k_firmwarecore_i9-10900fxeon_e-2124_firmwarecore_i5-11500t_firmwarecore_i7-8700_firmwarecore_i7-1160g7_firmwarecore_i7-8750hcore_i3-10105t_firmwarecore_i5-8365uxeon_e-2226ge_firmwarecore_i5-9600kfcore_i5-8500b_firmwarecore_i3-10100tecore_i5-10400_firmwarecore_i3-1115gre_firmwarecore_i7-10700fxeon_e-2286mcore_i5-1030g4_firmwarecore_i7-9850he_firmwarecore_i7-8557u_firmwarecore_i7-1180g7_firmwarecore_i5-1145g7core_i3-1125g4core_i7-1068ng7_firmwarecore_i7-10750hxeon_e-2276gxeon_w-1390core_i3-8300core_i3-1000g4xeon_e-2186gatom_x6427fexeon_e-2174gceleron_j6413_firmwarecore_i7-8809gcore_i3-8145uecore_i5-10400h_firmwarecore_i7-8700bcore_i5-10500_firmwarecore_i5-11400t_firmwarecore_i3-1115g4core_i7-11700f_firmwarexeon_e-2334_firmwarecore_i5-10210ycore_i5-1140g7core_i5-10500ecore_i9-9900kf_firmwarecore_i5-9400tcore_i5-9500fcore_i5-10210u_firmwarecore_i5-8300hcore_i5-8600t_firmwarecore_i5-10600tcore_i7-9850hexeon_e-2356gcore_i3-10110yatom_x6414re_firmwarecore_i5-10600kfcore_i7-10700ecore_i5-11600kfcore_i9-9900kscore_i5-10500h_firmwarecore_i5-9600core_i7-11700kfcore_i7-10870hcore_i5-8600_firmwarecore_i3-9100fcore_i5-9600kf_firmwarecore_i9-11900_firmwareatom_x6212re_firmwarexeon_e-2224_firmwarecore_i7-9750hfcore_i5-9300h_firmwarexeon_e-2274gcore_i7-10700kcore_i5-11500tcore_i5-9500core_i3-9320_firmwarexeon_e-2278gelcore_i3-8145ue_firmwarecore_i5-10500te_firmwarecore_i5-8400b_firmwarecore_i3-8100_firmwarecore_i7-11700kcore_i5-1130g7_firmwarexeon_e-2124core_i9-9880hcore_i7-10710ucore_i5-8500t_firmwarexeon_w-1350p_firmwarecore_i7-10700kfcore_i3-11100he_firmwarecore_i5-8300h_firmwarexeon_e-2136_firmwarexeon_e-2276g_firmwarexeon_e-2276mecore_i7-8565uxeon_e-2274g_firmwarecore_i3-10300_firmwarecore_i7-8706g_firmwarecore_i9-11900t_firmwarecore_i3-8100t_firmwarecore_i5-8259ucore_i9-11900fcore_i9-9900core_i7-10510y_firmwarecore_i7-9850hl_firmwarecore_i3-10100e_firmwarecore_i7-11600hcore_i7-11390h_firmwarexeon_e-2146g_firmwarecore_i7-8850h_firmwarecore_i3-8140ucore_i5-1038ng7_firmwarexeon_e-2336xeon_e-2388gcore_i7-9700kf_firmwarecore_i3-10105core_i7-9850h_firmwarecore_i3-10100te_firmwarecore_i3-1120g4_firmwarecore_i9-10900k_firmwarexeon_e-2278g_firmwarecore_i7-8550uxeon_e-2276ml_firmwarexeon_e-2224gatom_x6211ecore_i3-9100tcore_i7-1185g7_firmwarecore_i5-8310y_firmwarecore_i5-11320hxeon_e-2226gecore_i3-10300t_firmwarecore_i5-9300hcore_i7-11375h_firmwarecore_i9-10900_firmwarecore_i7-8559u_firmwarecore_i7-8086k_firmwarecore_i7-10610ucore_i5-10505_firmwarecore_i5-1035g1_firmwarecore_i7-8665u_firmwarexeon_e-2176g_firmwarecore_i7-8500ycore_i5-9400hcore_i9-9900tcore_i3-8145u_firmwarexeon_w-1390pcore_i5-11260hcore_i7-9700e_firmwarecore_i5-10300h_firmwarecore_i7-11850h_firmwarecore_i5-8210yceleron_n6211core_i7-8750h_firmwarecore_i5-10200h_firmwarecore_i9-11900f_firmwarecore_i5-11300h_firmwarecore_i3-8300t_firmwarecore_i3-8109u_firmwareceleron_n6211_firmwarecore_i7-11700t_firmwarecore_i7-9700k_firmwarexeon_e-2288g_firmwarecore_i3-9100f_firmwarecore_i5-1145g7e_firmwarexeon_e-2246g_firmwarecore_i7-1185gre_firmwarexeon_e-2176m_firmwarecore_i3-10300txeon_e-2174g_firmwarecore_i3-8100b_firmwarecore_i5-11500core_i5-1135g7core_i9-8950hk_firmwarecore_i5-8500core_i5-9500te_firmwarepentium_j6425_firmwareatom_x6200fecore_i5-8265ucore_i7-10700kf_firmwarexeon_e-2254mecore_i7-9750hxeon_e-2336_firmwareatom_x6413e_firmwarexeon_e-2286g_firmwarecore_i3-10305tcore_i3-8350kcore_i7-10700_firmwarecore_i5-9600k_firmwarecore_i9-9900t_firmwarecore_i3-9100xeon_e-2224g_firmwarecore_i5-1145gre_firmwareatom_x6212rexeon_e-2276mcore_i7-8705gcore_i7-8665ucore_i5-9500ecore_i3-8300tcore_i7-8706gcore_i7-11700fxeon_e-2236core_i9-9880h_firmwarexeon_w-1370core_i7-8700t_firmwarecore_i7-10850hxeon_e-2236_firmwarecore_i7-1185grecore_i3-1125g4_firmwarecore_i7-11375hxeon_e-2126g_firmwarecore_i7-11800h_firmwarecore_i7-8700core_i5-8259u_firmwarecore_i5-10400fcore_i7-8665ue_firmwarecore_i5-8400atom_x6200fe_firmwarecore_i7-8705g_firmwarecore_i9-10900te_firmwarecore_i3-10300core_i7-10700tcore_i5-1140g7_firmwarecore_i7-8086kcore_i5-10210ucore_i5-8257ucore_i5-8365ue_firmwarecore_i7-8700kcore_i9-11900kf_firmwarecore_i5-1155g7_firmwarecore_i5-8600k_firmwarecore_i7-10510u_firmwarexeon_e-2134xeon_e-2226g_firmwarecore_i3-10100_firmwarecore_i5-10505xeon_w-1390tcore_i5-1030g7core_i5-10310y_firmwarecore_i7-8569u_firmwarepentium_n6415core_i7\+8700_firmwarexeon_e-2144g_firmwarecore_i3-1000g1core_i7-10510ycore_i7-1185g7e_firmwarecore_i5-10600kf_firmwarecore_i5-8210y_firmwarecore_i3-10110ucore_i7-11800hcore_i3-9100e_firmwarecore_i5-9600kcore_i3-10305t_firmwarecore_i5-10310u_firmwarecore_i9-10900f_firmwarecore_i3-9100hl_firmwarecore_i3-10105fcore_i5-1155g7core_i3-8100hcore_i3-9100t_firmwarecore_i5-11320h_firmwarecore_i9-11950hxeon_e-2386g_firmwarecore_i5-10300hcore_i5-8350ucore_i3-1005g1_firmwarecore_i7-11700txeon_e-2246gcore_i5-8500tcore_i3-10100y_firmwarecore_i5-11400h_firmwarecore_i5-11500h_firmwarecore_i9-11900kcore_i5-8350u_firmwarecore_i7-8700b_firmwarecore_i9-8950hkcore_i9-10900ecore_i9-10850kcore_i5-9300hf_firmwarexeon_e-2314_firmwarecore_i9-9900ks_firmwarexeon_e-2254mlcore_i5-8400tcore_i3-9300_firmwarecore_i7-10700core_i7-11600h_firmwarecore_i3-9100te_firmwarexeon_e-2254ml_firmwarecore_i7-10750h_firmwarexeon_e-2334core_i3-10105tcore_i9-10885hatom_x6211e_firmwarepentium_j6425core_i5-11400tcore_i5-11300hcore_i9-11900kfcore_i3-10325core_i3-9300core_i7-10875hxeon_e-2276mlxeon_e-2244gcore_i9-9900kcore_i3-9350kf_firmwarexeon_e-2176gxeon_e-2324gcore_i9-11900k_firmwarecore_i7-8709gcore_i3-10100core_i5-8200y_firmwarecore_i7-8550u_firmwarecore_i5-1035g7_firmwarecore_i7-10700f_firmwarecore_i5-9400core_m3-8100y_firmwarecore_i3-8100tcore_i7-8557uxeon_e-2278ge_firmwarecore_i5-9500tcore_i5-8260u_firmwarecore_i7-8700tcore_i3-10305_firmwarecore_i7-8650ucore_i5-11400fcore_i5-11500_firmwarecore_i9-10900e_firmwarecore_i5-1145grexeon_e-2286m_firmwareatom_x6414recore_i7-1180g7xeon_e-2378g_firmwarecore_i7-9750h_firmwarexeon_w-1390_firmwareatom_x6425re_firmwarecore_i9-11950h_firmwarexeon_e-2234_firmwarecore_i5-1035g1core_i5-1038ng7core_i5-11260h_firmwarecore_i7-8565u_firmwarecore_i5-11400f_firmwarecore_i7-10700e_firmwarexeon_e-2186g_firmwarecore_i5-1035g4_firmwarecore_i3-10110y_firmwarecore_i5-8500bcore_i7-1195g7core_i7-1185g7xeon_e-2124gcore_i7-1165g7core_i5-8269ucore_i5-11600katom_x6427fe_firmwarecore_i9-11900h_firmwarecore_i7-11390hcore_i5-1030g4core_i7-10700texeon_e-2288gcore_i3-9100exeon_e-2234core_i5-10500core_i7-8709g_firmwareatom_x6425ecore_i7-11700_firmwarexeon_e-2356g_firmwarecore_i7-9850hcore_i5-9400fcore_i7-9700t_firmwarecore_i5-10500e_firmwarecore_i5-11500he_firmwarecore_i5-8279ucore_i5-8279u_firmwarecore_i3-8130u_firmwarecore_i5-9500f_firmwarecore_i5-1145g7_firmwarecore_i5-10600t_firmwarecore_i5-9300hfcore_i5-10210y_firmwarecore_i5-11400hcore_i5-8250uatom_x6425recore_i3-8140u_firmwarecore_i3-10305core_i3-1000g4_firmwarexeon_e-2126gcore_i7-9700txeon_w-1370p_firmwarecore_i5-11400_firmwarecore_i7-9850hlcore_i7-8650u_firmwarecore_i9-11980hkcore_i5-10600kcore_i3-9350kfxeon_w-1370pxeon_e-2388g_firmwarecore_i9-9900k_firmwarecore_m3-8100ycore_i7-1165g7_firmwarecore_i5-8250u_firmwarecore_i9-10900kfxeon_e-2186mcore_i7-9700ecore_i3-1115g4e_firmwarecore_i5-8400_firmwarexeon_e-2176mcore_i5-1130g7core_i3-1120g4core_i3-1000g1_firmwarecore_i5-10600k_firmwarecore_i7-9750hf_firmwarecore_i5-10310ycore_i5-8400t_firmwarexeon_e-2286gcore_i5-8365u_firmwarecore_i5-10500hcore_i5-8260ucore_i9-10900t_firmwarecore_i7-10810u_firmwarecore_i3-10100t_firmwarecore_i5-11600kf_firmwarecore_i3-9300txeon_e-2244g_firmwarecore_i7-10810ucore_i5-10400f_firmwarecore_i3-8100h_firmwarecore_i7-11700kf_firmwarecore_i3-1115g4_firmwarecore_i3-10105_firmwareceleron_j6413xeon_w-1370_firmwarexeon_e-2278gcore_i7-10875h_firmwarecore_i3-1115grexeon_e-2378_firmwarecore_i7-8850hcore_i5-10500t_firmwarecore_i5-11500hcore_i5-8265u_firmwarexeon_e-2374gcore_i3-10100fcore_i3-8300_firmwareatom_x6425e_firmwarecore_i9-9900_firmwareatom_x6413ecore_i7-1065g7_firmwarecore_i5-1135g7_firmwarecore_i5-10600core_i7\+8700core_i5-8257u_firmwarecore_i3-1115g4ecore_i9-10900kf_firmwarexeon_w-1350core_i3-9350kcore_i5-8500_firmwarecore_i5-11600t_firmwarecore_i9-11980hk_firmwarecore_i9-10850k_firmwarecore_i5-8365uecore_i7-8665uecore_i7-8809g_firmwarecore_i9-10885h_firmwarecore_i5-1145g7ecore_i9-9980hk_firmwarecore_i5-11500hecore_i5-1030g7_firmwarecore_i5-9400h_firmwarecore_i3-10320core_i9-10900tcore_i5-8200ycore_i5-8310ycore_i3-10110u_firmwarecore_i5-9500texeon_e-2324g_firmwarexeon_e-2278gel_firmwarexeon_e-2144gxeon_w-1350pcore_i5-9500t_firmwarecore_i7-8569ucore_i7-9700te_firmwarecore_i5-10500tcore_i3-10320_firmwarecore_i7-1185g7ecore_i3-1005g1core_i3-8100bcore_i5-9600tcore_i3-9320core_i5-11400core_i7-10850h_firmwarecore_i7-1065g7core_i5-8600tcore_i5-8305gcore_i9-9980hkcore_i7-8559ucore_i5-9400t_firmwarecore_i9-10900tecore_i7-9700_firmwarecore_i9-10980hk_firmwarexeon_e-2146gcore_i3-8130uIntel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2024-25951
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8||HIGH
EPSS-0.71% / 71.33%
||
7 Day CHG~0.00%
Published-09 Mar, 2024 | 05:56
Updated-31 Jan, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

Action-Not Available
Vendor-Dell Inc.
Product-idrac8Integrated Dell Remote Access Controller 8integrated_dell_remote_access_controller_8
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-23628
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-9||CRITICAL
EPSS-0.14% / 34.22%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:41
Updated-23 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Motorola MR2600 SaveStaticRouteIPv6Params Command Injection Vulnerability

A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-mr2600mr2600_firmwareMR2600mr2600_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-23627
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-9||CRITICAL
EPSS-1.17% / 77.77%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:41
Updated-29 May, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Motorola MR2600 SaveStaticRouteIPv4Params Command Injection Vulnerability

A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-mr2600mr2600_firmwareMR2600
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-22544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.10% / 29.23%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 00:00
Updated-01 Aug, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function.

Action-Not Available
Vendor-n/aLinksys Holdings, Inc.
Product-n/ae1700_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-4822
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8||HIGH
EPSS-1.65% / 81.23%
||
7 Day CHG~0.00%
Published-25 Jun, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.

Action-Not Available
Vendor-coregan/a
Product-cg-wlbarglcg-wlbargl_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.61% / 68.69%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:34
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-1043
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9||CRITICAL
EPSS-0.83% / 73.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008Windows Server
CWE ID-CWE-20
Improper Input Validation
CVE-2018-3963
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9||CRITICAL
EPSS-0.81% / 73.33%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 15:52
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.

Action-Not Available
Vendor-getcujon/a
Product-smart_firewallCUJO
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2014-0633
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.7||HIGH
EPSS-0.28% / 50.62%
||
7 Day CHG~0.00%
Published-28 Mar, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-vplex_geosynchronyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1042
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9||CRITICAL
EPSS-0.83% / 73.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008Windows Server
CWE ID-CWE-20
Improper Input Validation
CVE-2019-20703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.41% / 60.71%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:40
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-43206
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.61% / 81.00%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-43202
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.50% / 80.36%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-0126
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8||HIGH
EPSS-0.13% / 33.34%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:35
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-manageability_commanderIntel(R) Manageability Commander
CWE ID-CWE-20
Improper Input Validation
CVE-2023-43207
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.50% / 80.36%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-43204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.50% / 80.36%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-41029
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-8||HIGH
EPSS-0.18% / 39.30%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 16:07
Updated-24 Sep, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Juplink RX4-1500 Command Injection Vulnerability

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.

Action-Not Available
Vendor-juplinkJuplinkjuplink
Product-rx4-1500_firmwarerx4-1500RX4-1500rx4-1500
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-1036
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9||CRITICAL
EPSS-1.09% / 77.01%
||
7 Day CHG+0.03%
Published-14 Jul, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008Windows Server
CWE ID-CWE-20
Improper Input Validation
CVE-2023-41031
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-8||HIGH
EPSS-0.26% / 49.03%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 16:07
Updated-24 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Juplink RX4-1500 homemng.htm Command Injection Vulnerability

Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.

Action-Not Available
Vendor-juplinkJuplinkjuplink
Product-rx4-1500_firmwarerx4-1500RX4-1500rx4-1500
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-6279
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 15.24%
||
7 Day CHG~0.00%
Published-19 Jun, 2025 | 21:00
Updated-08 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Upsonic Pickle add_tool cloudpickle.loads deserialization

A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-upsonicn/a
Product-upsonicUpsonic
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-0910
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-14.77% / 94.25%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows Server, version 1909 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2023-40062
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-8||HIGH
EPSS-2.41% / 84.48%
||
7 Day CHG+0.13%
Published-01 Nov, 2023 | 15:29
Updated-05 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.

Action-Not Available
Vendor-SolarWindsSolarWinds Worldwide, LLC.
Product-solarwinds_platformSolarWinds Platform
CWE ID-CWE-20
Improper Input Validation
CVE-2020-36650
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.61%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 17:52
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IonicaBizau node-gry command injection

A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The patch is named 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019.

Action-Not Available
Vendor-gry_projectIonicaBizau
Product-grynode-gry
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-3453
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-1.62% / 81.06%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 02:26
Updated-13 Nov, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2020-35777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.60% / 68.40%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:41
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200v1dgn2200v1_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-27867
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.64%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 23:35
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6850_firmwarer6120r7450_firmwarer6220_firmwareac2600ac2400r6080_firmwarer7200_firmwarer6120_firmwarer6800r6260_firmwarer6260r6220r6020r6330_firmwareac2400_firmwarer7350_firmwarer7400_firmwarer6020_firmwarer7200r6350_firmwarer6080r6230r6700r6330r6800_firmwarer6230_firmwareac2100_firmwarer6900r6900_firmwarer7400ac2100r7450r6350r6850r6700_firmwarer7350ac2600_firmwareMultiple Routers
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.27% / 49.69%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:32
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbs850_firmwarerbr850rbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26929
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.48% / 63.99%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:26
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6230_firmwarer6220_firmwarer6220r6230n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3546
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 01:31
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic NX30 ProMagic BE18000Magic NX15Magic NX400Magic R3010
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3541
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-13 Apr, 2025 | 23:00
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGI_WizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX30 ProMagic NX15Magic NX400
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3540
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-13 Apr, 2025 | 22:31
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX30 ProMagic NX15Magic NX400
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3543
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 00:00
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection

A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGI_WizardProtoProcess of the file /api/wizard/setsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX30 ProMagic NX15Magic NX400
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3545
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 01:00
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic NX30 ProMagic BE18000Magic NX15Magic NX400Magic R3010
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3542
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-13 Apr, 2025 | 23:31
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX15Magic NX400
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3539
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-13 Apr, 2025 | 22:00
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic NX30 ProMagic BE18000Magic NX15Magic NX400Magic R3010
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3544
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-1.10% / 77.09%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 00:31
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic NX30 ProMagic BE18000Magic NX15Magic NX400Magic R3010
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-1041
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9||CRITICAL
EPSS-0.83% / 73.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1042, CVE-2020-1043.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008Windows Server
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1032
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9||CRITICAL
EPSS-0.83% / 73.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008Windows Server
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1040
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9||CRITICAL
EPSS-0.43% / 61.72%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:53
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2008windows_server_2012Windows ServerHyper-V RemoteFX
CWE ID-CWE-20
Improper Input Validation
CVE-2025-2727
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-1.42% / 79.77%
||
7 Day CHG+0.47%
Published-25 Mar, 2025 | 02:31
Updated-11 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic NX30 Pro HTTP POST Request getNetworkStatus command injection

A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic NX30 Pro
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found