Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7848

Summary
Assigner-krcert
Assigner Org ID-cdd7a122-0fae-4202-8d86-14efbacc2863
Published At-17 Feb, 2021 | 13:29
Updated At-04 Aug, 2024 | 09:41
Rejected At-
Credits

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:krcert
Assigner Org ID:cdd7a122-0fae-4202-8d86-14efbacc2863
Published At:17 Feb, 2021 | 13:29
Updated At:04 Aug, 2024 | 09:41
Rejected At:
▼CVE Numbering Authority (CNA)

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

Affected Products
Vendor
EFM networks & multimedia
Product
ipTIME C200 IP Camera
Platforms
  • Windows
Versions
Affected
  • From 1.0.12 through 1.0.12 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
x_refsource_MISC
Hyperlink: https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
x_refsource_MISC
x_transferred
Hyperlink: https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vuln@krcert.or.kr
Published At:17 Feb, 2021 | 14:15
Updated At:18 Feb, 2021 | 15:43

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.7HIGH
AV:A/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.7
Base severity: HIGH
Vector:
AV:A/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
iptime
iptime
>>c200>>-
cpe:2.3:h:iptime:c200:-:*:*:*:*:*:*:*
iptime
iptime
>>c200_firmware>>1.0.12
cpe:2.3:o:iptime:c200_firmware:1.0.12:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE-20Secondaryvuln@krcert.or.kr
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: vuln@krcert.or.kr
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905vuln@krcert.or.kr
Third Party Advisory
Hyperlink: https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
Source: vuln@krcert.or.kr
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

114Records found
CVE-2020-7847
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.4||HIGH
EPSS-0.27% / 50.20%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 15:39
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.

Action-Not Available
Vendor-iptimeEFM Networks
Product-nas1dualnas3nas101nas4dualnas4_firmwarenas2dual_firmwarenas101_firmwarenas3_firmwarenas-iienas2dualnas-ii_firmwarenas-i_firmwarenas-inas4dual_firmwarenas-iie_firmwarenas-iinas1dual_firmwarenas4ipTIME NAS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-33180
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8||HIGH
EPSS-0.15% / 35.46%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 18:41
Updated-27 Feb, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-quantum-x800gb300_nvl72dgx_gb200nvoscumulus_linuxNVOSCumulus Linux LTSCumulus Linux GA
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-0910
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-14.77% / 94.52%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows Server, version 1909 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0965
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.83% / 74.54%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8439.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 ServersWindows 10Windows Server 2016
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8193
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-8||HIGH
EPSS-0.44% / 63.15%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-fusionsphere_openstackFusionSphere OpenStack
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3540
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.52% / 66.75%
||
7 Day CHG~0.00%
Published-13 Apr, 2025 | 22:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX30 ProMagic NX15Magic NX400
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3545
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.52% / 66.75%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 01:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic NX30 ProMagic BE18000Magic NX15Magic NX400Magic R3010
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3544
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.52% / 66.75%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 00:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic NX30 ProMagic BE18000Magic NX15Magic NX400Magic R3010
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20701
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.30% / 53.73%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:39
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.34% / 57.07%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:41
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20706
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.98%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:54
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr500_firmwarer7800r7800_firmwarexr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20702
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.34% / 57.07%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:40
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-2732
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.39% / 60.11%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 04:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX400Magic BE18000Magic NX30 ProMagic NX15
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-2728
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.39% / 60.11%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 02:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic NX30 Pro/Magic NX400 getNetworkConf command injection

A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic NX400Magic NX30 Pro
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-2725
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.40% / 60.39%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 02:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request auth command injection

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX400Magic BE18000Magic NX30 ProMagic NX15
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-2731
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.39% / 60.11%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 03:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request getDualbandSync command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX400Magic BE18000Magic NX30 ProMagic NX15
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-2730
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.39% / 60.11%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 03:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request getssidname command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX400Magic BE18000Magic NX30 ProMagic NX15
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-2729
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.39% / 60.11%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 03:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C Magic BE18000 HTTP POST Request networkSetup command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-Magic R3010Magic NX400Magic BE18000Magic NX30 ProMagic NX15
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20708
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.16% / 37.35%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:56
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-24818
Matching Score-4
Assigner-Nokia
ShareView Details
Matching Score-4
Assigner-Nokia
CVSS Score-8||HIGH
EPSS-0.11% / 29.08%
||
7 Day CHG+0.01%
Published-07 Apr, 2026 | 15:13
Updated-08 Apr, 2026 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An OS Command Injection vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.

Action-Not Available
Vendor-Nokia Corporation
Product-MantaRay NM
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20761
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.35% / 57.30%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:12
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800r7800_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20709
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.30% / 53.73%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 15:28
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20680
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.18% / 39.83%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 19:53
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8900_firmwarer6220_firmwarer8000r6900pr7900r8000pr6900p_firmwarer6800r8300r8500_firmwarer6260_firmwarer6260r7000_firmwarer6220r8000p_firmwarexr500_firmwarer7900pxr500r7000p_firmwarer8500d7000r8900r9000_firmwared7000_firmwarer6700r8300_firmwarer7000r6900r7000pr9000r6900_firmwarer7800r7900_firmwarer7800_firmwarer6700_firmwarer7900p_firmwarer6800_firmwarer8000_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20707
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.56%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:55
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr500_firmwarer7800r7800_firmwarexr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-4822
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8||HIGH
EPSS-0.78% / 73.73%
||
7 Day CHG~0.00%
Published-25 Jun, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.

Action-Not Available
Vendor-coregan/a
Product-cg-wlbarglcg-wlbargl_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20711
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.30% / 53.73%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 15:33
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.43% / 62.47%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:40
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-10961
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.33% / 55.71%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 18:02
Updated-07 Oct, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wavlink NU516U1 Delete_Mac_list wireless.cgi sub_4030C0 command injection

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-nu516u1_firmwarewl-nu516u1NU516U1
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20710
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.32% / 54.62%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 15:32
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.41% / 61.56%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:42
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared3600xr500_firmwared6000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-41031
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-8||HIGH
EPSS-0.26% / 49.31%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 16:07
Updated-24 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Juplink RX4-1500 homemng.htm Command Injection Vulnerability

Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.

Action-Not Available
Vendor-juplinkJuplinkjuplink
Product-rx4-1500_firmwarerx4-1500RX4-1500rx4-1500
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-9199
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 47.41%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 17:58
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-b2368-57b2368-22b2368-57_firmwareb2368-66_firmwareb2368-66b2368-22_firmwareB2368-22;B2368-57;B2368-66
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-1398
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.74% / 73.01%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server, version 1903 (Server Core installation)Windows ServerWindows 10 Version 1903 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2022-44611
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.67%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-13 Feb, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_w-1350_firmwarecore_i3-9100_firmwarecore_i7-11850he_firmwarecore_i7-11370h_firmwarexeon_e-2378gcore_i7-1068ng7core_i7-1160g7core_i5-1035g7core_i3-10105f_firmwarecore_i3-8350k_firmwarecore_i3-9350k_firmwarexeon_e-2124g_firmwarecore_i7-9700kfcore_i5-8305g_firmwarexeon_e-2314xeon_e-2254me_firmwarecore_i7-10870h_firmwarecore_i5-8400hpentium_n6415_firmwarexeon_e-2276me_firmwarecore_i3-1110g4_firmwarecore_i5-11600_firmwarecore_i3-1110g4core_i7-1060g7_firmwarecore_i7-9700core_i5-10200hxeon_e-2226gcore_i9-9900kfcore_i3-10100f_firmwarecore_i5-1035g4core_i3-8145ucore_i5-10400hcore_i7-10700k_firmwarecore_i7-11700xeon_e-2276m_firmwarecore_i5-9600_firmwarecore_i5-9600t_firmwarecore_i3-10100ycore_i7-9700tecore_i5-10400tcore_i3-8109ucore_i7-11370hcore_i5-10310ucore_i5-9400f_firmwarecore_i9-11900txeon_e-2224xeon_e-2186m_firmwarecore_i7-10700t_firmwarecore_i7-9700f_firmwarecore_i7-1195g7_firmwarecore_i5-9500e_firmwarecore_i5-11600txeon_e-2378core_i7-11850hcore_i5-8269u_firmwarecore_i9-11900xeon_e-2278gexeon_e-2134_firmwarecore_i5-10600_firmwarecore_i3-9100hlcore_i5-10400core_i5-8400bcore_i3-9300t_firmwarecore_i7-10610u_firmwarecore_i7-10710u_firmwarecore_i5-10500tecore_i5-9500_firmwarecore_i7-11850hecore_i5-11600core_i5-8400h_firmwarecore_i3-9100tecore_i7-9700fcore_i9-10980hkcore_i5-8600xeon_e-2136core_i7-9700kcore_i7-10510ucore_i5-9400_firmwarecore_i5-10400t_firmwarecore_i7-8500y_firmwarecore_i3-10100ecore_i3-8100core_i7-1060g7core_i9-11900hcore_i9-10900core_i5-11600k_firmwarexeon_w-1390p_firmwarecore_i3-11100hexeon_e-2374g_firmwarecore_i3-10100txeon_w-1390t_firmwarecore_i7-11700k_firmwarecore_i9-10900kcore_i3-10325_firmwarexeon_e-2386gcore_i5-8600kcore_i7-10700te_firmwarecore_i7-8700k_firmwarecore_i9-10900fxeon_e-2124_firmwarecore_i5-11500t_firmwarecore_i7-8700_firmwarecore_i7-1160g7_firmwarecore_i7-8750hcore_i3-10105t_firmwarecore_i5-8365uxeon_e-2226ge_firmwarecore_i5-9600kfcore_i5-8500b_firmwarecore_i3-10100tecore_i5-10400_firmwarecore_i3-1115gre_firmwarecore_i7-10700fxeon_e-2286mcore_i5-1030g4_firmwarecore_i7-9850he_firmwarecore_i7-8557u_firmwarecore_i7-1180g7_firmwarecore_i5-1145g7core_i3-1125g4core_i7-1068ng7_firmwarecore_i7-10750hxeon_e-2276gxeon_w-1390core_i3-8300core_i3-1000g4xeon_e-2186gatom_x6427fexeon_e-2174gceleron_j6413_firmwarecore_i7-8809gcore_i3-8145uecore_i5-10400h_firmwarecore_i7-8700bcore_i5-10500_firmwarecore_i5-11400t_firmwarecore_i3-1115g4core_i7-11700f_firmwarexeon_e-2334_firmwarecore_i5-10210ycore_i5-1140g7core_i5-10500ecore_i9-9900kf_firmwarecore_i5-9400tcore_i5-9500fcore_i5-10210u_firmwarecore_i5-8300hcore_i5-8600t_firmwarecore_i5-10600tcore_i7-9850hexeon_e-2356gcore_i3-10110yatom_x6414re_firmwarecore_i5-10600kfcore_i7-10700ecore_i5-11600kfcore_i9-9900kscore_i5-10500h_firmwarecore_i5-9600core_i7-11700kfcore_i7-10870hcore_i5-8600_firmwarecore_i3-9100fcore_i5-9600kf_firmwarecore_i9-11900_firmwareatom_x6212re_firmwarexeon_e-2224_firmwarecore_i7-9750hfcore_i5-9300h_firmwarexeon_e-2274gcore_i7-10700kcore_i5-11500tcore_i5-9500core_i3-9320_firmwarexeon_e-2278gelcore_i3-8145ue_firmwarecore_i5-10500te_firmwarecore_i5-8400b_firmwarecore_i3-8100_firmwarecore_i7-11700kcore_i5-1130g7_firmwarexeon_e-2124core_i9-9880hcore_i7-10710ucore_i5-8500t_firmwarexeon_w-1350p_firmwarecore_i7-10700kfcore_i3-11100he_firmwarecore_i5-8300h_firmwarexeon_e-2136_firmwarexeon_e-2276g_firmwarexeon_e-2276mecore_i7-8565uxeon_e-2274g_firmwarecore_i3-10300_firmwarecore_i7-8706g_firmwarecore_i9-11900t_firmwarecore_i3-8100t_firmwarecore_i5-8259ucore_i9-11900fcore_i9-9900core_i7-10510y_firmwarecore_i7-9850hl_firmwarecore_i3-10100e_firmwarecore_i7-11600hcore_i7-11390h_firmwarexeon_e-2146g_firmwarecore_i7-8850h_firmwarecore_i3-8140ucore_i5-1038ng7_firmwarexeon_e-2336xeon_e-2388gcore_i7-9700kf_firmwarecore_i3-10105core_i7-9850h_firmwarecore_i3-10100te_firmwarecore_i3-1120g4_firmwarecore_i9-10900k_firmwarexeon_e-2278g_firmwarecore_i7-8550uxeon_e-2276ml_firmwarexeon_e-2224gatom_x6211ecore_i3-9100tcore_i7-1185g7_firmwarecore_i5-8310y_firmwarecore_i5-11320hxeon_e-2226gecore_i3-10300t_firmwarecore_i5-9300hcore_i7-11375h_firmwarecore_i9-10900_firmwarecore_i7-8559u_firmwarecore_i7-8086k_firmwarecore_i7-10610ucore_i5-10505_firmwarecore_i5-1035g1_firmwarecore_i7-8665u_firmwarexeon_e-2176g_firmwarecore_i7-8500ycore_i5-9400hcore_i9-9900tcore_i3-8145u_firmwarexeon_w-1390pcore_i5-11260hcore_i7-9700e_firmwarecore_i5-10300h_firmwarecore_i7-11850h_firmwarecore_i5-8210yceleron_n6211core_i7-8750h_firmwarecore_i5-10200h_firmwarecore_i9-11900f_firmwarecore_i5-11300h_firmwarecore_i3-8300t_firmwarecore_i3-8109u_firmwareceleron_n6211_firmwarecore_i7-11700t_firmwarecore_i7-9700k_firmwarexeon_e-2288g_firmwarecore_i3-9100f_firmwarecore_i5-1145g7e_firmwarexeon_e-2246g_firmwarecore_i7-1185gre_firmwarexeon_e-2176m_firmwarecore_i3-10300txeon_e-2174g_firmwarecore_i3-8100b_firmwarecore_i5-11500core_i5-1135g7core_i9-8950hk_firmwarecore_i5-8500core_i5-9500te_firmwarepentium_j6425_firmwareatom_x6200fecore_i5-8265ucore_i7-10700kf_firmwarexeon_e-2254mecore_i7-9750hxeon_e-2336_firmwareatom_x6413e_firmwarexeon_e-2286g_firmwarecore_i3-10305tcore_i3-8350kcore_i7-10700_firmwarecore_i5-9600k_firmwarecore_i9-9900t_firmwarecore_i3-9100xeon_e-2224g_firmwarecore_i5-1145gre_firmwareatom_x6212rexeon_e-2276mcore_i7-8705gcore_i7-8665ucore_i5-9500ecore_i3-8300tcore_i7-8706gcore_i7-11700fxeon_e-2236core_i9-9880h_firmwarexeon_w-1370core_i7-8700t_firmwarecore_i7-10850hxeon_e-2236_firmwarecore_i7-1185grecore_i3-1125g4_firmwarecore_i7-11375hxeon_e-2126g_firmwarecore_i7-11800h_firmwarecore_i7-8700core_i5-8259u_firmwarecore_i5-10400fcore_i7-8665ue_firmwarecore_i5-8400atom_x6200fe_firmwarecore_i7-8705g_firmwarecore_i9-10900te_firmwarecore_i3-10300core_i7-10700tcore_i5-1140g7_firmwarecore_i7-8086kcore_i5-10210ucore_i5-8257ucore_i5-8365ue_firmwarecore_i7-8700kcore_i9-11900kf_firmwarecore_i5-1155g7_firmwarecore_i5-8600k_firmwarecore_i7-10510u_firmwarexeon_e-2134xeon_e-2226g_firmwarecore_i3-10100_firmwarecore_i5-10505xeon_w-1390tcore_i5-1030g7core_i5-10310y_firmwarecore_i7-8569u_firmwarepentium_n6415core_i7\+8700_firmwarexeon_e-2144g_firmwarecore_i3-1000g1core_i7-10510ycore_i7-1185g7e_firmwarecore_i5-10600kf_firmwarecore_i5-8210y_firmwarecore_i3-10110ucore_i7-11800hcore_i3-9100e_firmwarecore_i5-9600kcore_i3-10305t_firmwarecore_i5-10310u_firmwarecore_i9-10900f_firmwarecore_i3-9100hl_firmwarecore_i3-10105fcore_i5-1155g7core_i3-8100hcore_i3-9100t_firmwarecore_i5-11320h_firmwarecore_i9-11950hxeon_e-2386g_firmwarecore_i5-10300hcore_i5-8350ucore_i3-1005g1_firmwarecore_i7-11700txeon_e-2246gcore_i5-8500tcore_i3-10100y_firmwarecore_i5-11400h_firmwarecore_i5-11500h_firmwarecore_i9-11900kcore_i5-8350u_firmwarecore_i7-8700b_firmwarecore_i9-8950hkcore_i9-10900ecore_i9-10850kcore_i5-9300hf_firmwarexeon_e-2314_firmwarecore_i9-9900ks_firmwarexeon_e-2254mlcore_i5-8400tcore_i3-9300_firmwarecore_i7-10700core_i7-11600h_firmwarecore_i3-9100te_firmwarexeon_e-2254ml_firmwarecore_i7-10750h_firmwarexeon_e-2334core_i3-10105tcore_i9-10885hatom_x6211e_firmwarepentium_j6425core_i5-11400tcore_i5-11300hcore_i9-11900kfcore_i3-10325core_i3-9300core_i7-10875hxeon_e-2276mlxeon_e-2244gcore_i9-9900kcore_i3-9350kf_firmwarexeon_e-2176gxeon_e-2324gcore_i9-11900k_firmwarecore_i7-8709gcore_i3-10100core_i5-8200y_firmwarecore_i7-8550u_firmwarecore_i5-1035g7_firmwarecore_i7-10700f_firmwarecore_i5-9400core_m3-8100y_firmwarecore_i3-8100tcore_i7-8557uxeon_e-2278ge_firmwarecore_i5-9500tcore_i5-8260u_firmwarecore_i7-8700tcore_i3-10305_firmwarecore_i7-8650ucore_i5-11400fcore_i5-11500_firmwarecore_i9-10900e_firmwarecore_i5-1145grexeon_e-2286m_firmwareatom_x6414recore_i7-1180g7xeon_e-2378g_firmwarecore_i7-9750h_firmwarexeon_w-1390_firmwareatom_x6425re_firmwarecore_i9-11950h_firmwarexeon_e-2234_firmwarecore_i5-1035g1core_i5-1038ng7core_i5-11260h_firmwarecore_i7-8565u_firmwarecore_i5-11400f_firmwarecore_i7-10700e_firmwarexeon_e-2186g_firmwarecore_i5-1035g4_firmwarecore_i3-10110y_firmwarecore_i5-8500bcore_i7-1195g7core_i7-1185g7xeon_e-2124gcore_i7-1165g7core_i5-8269ucore_i5-11600katom_x6427fe_firmwarecore_i9-11900h_firmwarecore_i7-11390hcore_i5-1030g4core_i7-10700texeon_e-2288gcore_i3-9100exeon_e-2234core_i5-10500core_i7-8709g_firmwareatom_x6425ecore_i7-11700_firmwarexeon_e-2356g_firmwarecore_i7-9850hcore_i5-9400fcore_i7-9700t_firmwarecore_i5-10500e_firmwarecore_i5-11500he_firmwarecore_i5-8279ucore_i5-8279u_firmwarecore_i3-8130u_firmwarecore_i5-9500f_firmwarecore_i5-1145g7_firmwarecore_i5-10600t_firmwarecore_i5-9300hfcore_i5-10210y_firmwarecore_i5-11400hcore_i5-8250uatom_x6425recore_i3-8140u_firmwarecore_i3-10305core_i3-1000g4_firmwarexeon_e-2126gcore_i7-9700txeon_w-1370p_firmwarecore_i5-11400_firmwarecore_i7-9850hlcore_i7-8650u_firmwarecore_i9-11980hkcore_i5-10600kcore_i3-9350kfxeon_w-1370pxeon_e-2388g_firmwarecore_i9-9900k_firmwarecore_m3-8100ycore_i7-1165g7_firmwarecore_i5-8250u_firmwarecore_i9-10900kfxeon_e-2186mcore_i7-9700ecore_i3-1115g4e_firmwarecore_i5-8400_firmwarexeon_e-2176mcore_i5-1130g7core_i3-1120g4core_i3-1000g1_firmwarecore_i5-10600k_firmwarecore_i7-9750hf_firmwarecore_i5-10310ycore_i5-8400t_firmwarexeon_e-2286gcore_i5-8365u_firmwarecore_i5-10500hcore_i5-8260ucore_i9-10900t_firmwarecore_i7-10810u_firmwarecore_i3-10100t_firmwarecore_i5-11600kf_firmwarecore_i3-9300txeon_e-2244g_firmwarecore_i7-10810ucore_i5-10400f_firmwarecore_i3-8100h_firmwarecore_i7-11700kf_firmwarecore_i3-1115g4_firmwarecore_i3-10105_firmwareceleron_j6413xeon_w-1370_firmwarexeon_e-2278gcore_i7-10875h_firmwarecore_i3-1115grexeon_e-2378_firmwarecore_i7-8850hcore_i5-10500t_firmwarecore_i5-11500hcore_i5-8265u_firmwarexeon_e-2374gcore_i3-10100fcore_i3-8300_firmwareatom_x6425e_firmwarecore_i9-9900_firmwareatom_x6413ecore_i7-1065g7_firmwarecore_i5-1135g7_firmwarecore_i5-10600core_i7\+8700core_i5-8257u_firmwarecore_i3-1115g4ecore_i9-10900kf_firmwarexeon_w-1350core_i3-9350kcore_i5-8500_firmwarecore_i5-11600t_firmwarecore_i9-11980hk_firmwarecore_i9-10850k_firmwarecore_i5-8365uecore_i7-8665uecore_i7-8809g_firmwarecore_i9-10885h_firmwarecore_i5-1145g7ecore_i9-9980hk_firmwarecore_i5-11500hecore_i5-1030g7_firmwarecore_i5-9400h_firmwarecore_i3-10320core_i9-10900tcore_i5-8200ycore_i5-8310ycore_i3-10110u_firmwarecore_i5-9500texeon_e-2324g_firmwarexeon_e-2278gel_firmwarexeon_e-2144gxeon_w-1350pcore_i5-9500t_firmwarecore_i7-8569ucore_i7-9700te_firmwarecore_i5-10500tcore_i3-10320_firmwarecore_i7-1185g7ecore_i3-1005g1core_i3-8100bcore_i5-9600tcore_i3-9320core_i5-11400core_i7-10850h_firmwarecore_i7-1065g7core_i5-8600tcore_i5-8305gcore_i9-9980hkcore_i7-8559ucore_i5-9400t_firmwarecore_i9-10900tecore_i7-9700_firmwarecore_i9-10980hk_firmwarexeon_e-2146gcore_i3-8130uIntel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1397
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-1.00% / 77.06%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server, version 1903 (Server Core installation)Windows ServerWindows 10 Version 1903 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1389
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-1.00% / 77.06%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10windows_server_2008WindowsWindows Server
CWE ID-CWE-20
Improper Input Validation
CVE-2026-33826
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-0.38% / 59.15%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:57
Updated-17 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Active Directory Remote Code Execution Vulnerability

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2025windows_server_2019Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2019
CWE ID-CWE-20
Improper Input Validation
CVE-2023-43202
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.50% / 81.15%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-43206
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.61% / 81.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-43207
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.95% / 83.48%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-22476
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.88%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 16:08
Updated-04 Nov, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-40062
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-8||HIGH
EPSS-2.41% / 85.13%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 15:29
Updated-05 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.

Action-Not Available
Vendor-SolarWindsSolarWinds Worldwide, LLC.
Product-solarwinds_platformSolarWinds Platform
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0709
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-37.31% / 97.18%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 1607Windows Server 2016Windows 10 Version 1507Windows 10 Version 1709Windows Server 2016 (Server Core installation)Windows 10 Version 1703
CWE ID-CWE-20
Improper Input Validation
CVE-2018-3963
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9||CRITICAL
EPSS-0.81% / 74.32%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 15:52
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.

Action-Not Available
Vendor-getcujon/a
Product-smart_firewallCUJO
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-37566
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8||HIGH
EPSS-0.43% / 62.60%
||
7 Day CHG~0.00%
Published-13 Jul, 2023 | 01:44
Updated-06 Nov, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.

Action-Not Available
Vendor-LOGITEC CORPORATIONElecom Co., Ltd.
Product-wrc-1167febk-a_firmwarewrc-1167ghbk3-a_firmwarewrc-1167febk-awrc-1167ghbk3-aWRC-1167FEBK-AWRC-1900GHBK-ALAN-W301NRWRC-1467GHBK-AWRC-F1167ACF2WRC-1167GHBK3-AWRC-733FEBK2-AWRC-600GHBK-Awrc-f1167acf2wrc-1467ghbk-awrc-600ghbk-alan-w301nrwrc-1167febk-awrc-733febk2-awrc-1900ghbk-awrc-1167ghbk3-a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-0550
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.68% / 71.52%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2019-0551.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 ServersWindows 10Windows Server 2019
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-12.80% / 94.04%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 00:00
Updated-24 Sep, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac15_firmwareac15n/aac15_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-0965
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-0.54% / 67.60%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-20 Feb, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10windows_server_2019Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1809Windows Server 2019Windows 10 Version 1709Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0551
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.68% / 71.52%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0550.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows Server 2019Windows 10Windows 10 ServersWindows Server 2016
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0620
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-0.40% / 60.82%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_rt_8.1windows_server_2019windows_8.1windows_10Windows 10 Version 1803Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2012Windows 10 Version 1703Windows 10 Version 1809
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found