Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-4329

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-05 Mar, 2023 | 19:00
Updated At-05 Mar, 2025 | 19:51
Rejected At-
Credits

json-logic-js logic.js command injection

A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:05 Mar, 2023 | 19:00
Updated At:05 Mar, 2025 | 19:51
Rejected At:
▼CVE Numbering Authority (CNA)
json-logic-js logic.js command injection

A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability.

Affected Products
Vendor
n/a
Product
json-logic-js
Versions
Affected
  • 2.0.0
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Command Injection
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Command Injection
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.05.5MEDIUM
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.05.2N/A
AV:A/AC:L/Au:S/C:P/I:P/A:P
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 5.2
Base severity: N/A
Vector:
AV:A/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
tool
VulDB GitHub Commit Analyzer
Timeline
EventDate
Advisory disclosed2023-03-03 00:00:00
CVE reserved2023-03-03 00:00:00
VulDB entry created2023-03-03 01:00:00
VulDB entry last update2023-03-31 08:24:11
Event: Advisory disclosed
Date: 2023-03-03 00:00:00
Event: CVE reserved
Date: 2023-03-03 00:00:00
Event: VulDB entry created
Date: 2023-03-03 01:00:00
Event: VulDB entry last update
Date: 2023-03-31 08:24:11
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.222266
vdb-entry
technical-description
https://vuldb.com/?ctiid.222266
signature
permissions-required
https://github.com/jwadhams/json-logic-js/pull/98
issue-tracking
https://github.com/jwadhams/json-logic-js/commit/c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227
patch
Hyperlink: https://vuldb.com/?id.222266
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.222266
Resource:
signature
permissions-required
Hyperlink: https://github.com/jwadhams/json-logic-js/pull/98
Resource:
issue-tracking
Hyperlink: https://github.com/jwadhams/json-logic-js/commit/c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.222266
vdb-entry
technical-description
x_transferred
https://vuldb.com/?ctiid.222266
signature
permissions-required
x_transferred
https://github.com/jwadhams/json-logic-js/pull/98
issue-tracking
x_transferred
https://github.com/jwadhams/json-logic-js/commit/c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227
patch
x_transferred
Hyperlink: https://vuldb.com/?id.222266
Resource:
vdb-entry
technical-description
x_transferred
Hyperlink: https://vuldb.com/?ctiid.222266
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://github.com/jwadhams/json-logic-js/pull/98
Resource:
issue-tracking
x_transferred
Hyperlink: https://github.com/jwadhams/json-logic-js/commit/c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227
Resource:
patch
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:05 Mar, 2023 | 19:15
Updated At:17 May, 2024 | 02:03

A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.15.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.05.2MEDIUM
AV:A/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 5.2
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
json-logic-js_project
json-logic-js_project
>>json-logic-js>>2.0.0
cpe:2.3:a:json-logic-js_project:json-logic-js:2.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE-77Secondarycna@vuldb.com
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-77
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/jwadhams/json-logic-js/commit/c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227cna@vuldb.com
Patch
https://github.com/jwadhams/json-logic-js/pull/98cna@vuldb.com
Patch
https://vuldb.com/?ctiid.222266cna@vuldb.com
Permissions Required
Third Party Advisory
https://vuldb.com/?id.222266cna@vuldb.com
Permissions Required
Third Party Advisory
Hyperlink: https://github.com/jwadhams/json-logic-js/commit/c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227
Source: cna@vuldb.com
Resource:
Patch
Hyperlink: https://github.com/jwadhams/json-logic-js/pull/98
Source: cna@vuldb.com
Resource:
Patch
Hyperlink: https://vuldb.com/?ctiid.222266
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://vuldb.com/?id.222266
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

859Records found
CVE-2021-45580
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.27% / 50.60%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:43
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.87% / 91.66%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823_pro_firmwaredir-823_pron/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-1.61% / 81.05%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R7800 before 1.0.2.74, R9000 before 1.0.5.2, and XR500 before 2.3.2.66.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800r9000_firmwarexr500_firmwarer7800_firmwarer9000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45545
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:53
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80r7900p_firmwarerbr850_firmwarer7850_firmwarerbs850_firmwarer8000rax75rbr850rax80_firmwarer8000prbs850r7960pr8000p_firmwarer7960p_firmwarer7850rax200rax75_firmwarerbk852_firmwarerbk852r7900pr8000_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.40% / 60.21%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:52
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr1000_firmwarerax80rax40xr1000rax15rs400_firmwarer8000rax75lax20mk62r6900pr6400_firmwarer7900r8000prax35rax50r6900p_firmwarerax35_firmwarer7960pms60_firmwarerax45rs400r7000_firmwarer8000p_firmwarer7850rax20rax200lax20_firmwarer7900prax20_firmwarerax40_firmwarer7000p_firmwarerax200_firmwaremk62_firmwaremr60r7850_firmwarerax43_firmwarer6700mr60_firmwarer7000rax43rax80_firmwarer7000pr7900_firmwarer7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarer6400rax45_firmwarer6700_firmwarer7900p_firmwarems60r8000_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.86% / 90.22%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823_pro_firmwaredir-823_pron/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45742
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.32% / 95.31%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a720ra720r_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45630
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-2.18% / 83.69%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:32
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwarerbs750_firmwarecbr750rbs850_firmwarerbr850rbr750_firmwarecbr750_firmwarecbr40rbs850rbk752_firmwarerbk752rbr750rbs750rbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-25.81% / 96.05%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000r_firmwarex5000rn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45617
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:35
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80rax15r6400_firmwarerax50r6900p_firmwareex7500_firmwarer7960prax45rs400r7000_firmwareeax80_firmwarer6700v3rax20r6700v3_firmwarerax20_firmwarer7900peax20_firmwaremr60r6400v2rbs850_firmwarerbr850r7000rax80_firmwarecbr40rbk752_firmwarer7900_firmwarerbk852r7900p_firmwarems60r8000_firmwareex7500rax80rs400_firmwarer8000rax75mk62r6900pr7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarerax200r7000p_firmwarerax200_firmwarerbs750_firmwaremk62_firmwaremr60_firmwarexr300rbr750_firmwareeax20r7000pr6400v2_firmwarexr300_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarer6400rax45_firmwarerbk852_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.87% / 91.66%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gv2_firmwaredi-7200gv2n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28446
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-13.72% / 94.01%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 14:05
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.

Action-Not Available
Vendor-ntesseract_projectn/a
Product-ntesseractntesseract
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45558
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45576
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.23% / 45.98%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:44
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-47104
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.67%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 00:00
Updated-09 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.

Action-Not Available
Vendor-vareillen/avareilleLinux Kernel Organization, Inc
Product-tiny_file_dialogslinux_kerneln/atinyfiledialogs
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-45543
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:53
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, R7900P before 1.4.2.84, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBK852 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerbs850rbr850_firmwarer8000p_firmwarerax200rbs850_firmwarer8000r7900prbr850rbk852_firmwarerbk852r7900p_firmwarer8000pr8000_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45622
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-2.67% / 85.22%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80rax15lax20r6400_firmwarerax50r6900p_firmwareex7500_firmwarerax45r7960prs400r7000_firmwarerax40v2_firmwareeax80_firmwarer6700v3rax20r6700v3_firmwarer7900prax20_firmwareeax20_firmwaremr60rax35v2rax43_firmwarerax40v2cbr750r6400v2rbs850_firmwarerbr850r7000rax43rax80_firmwarecbr750_firmwarecbr40rbk752_firmwarer7900_firmwarerbk852r7900p_firmwarems60lax20_firmwarer8000_firmwarexr1000_firmwarerax80ex7500xr1000rs400_firmwarer8000rax75mk62r6900pr7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarerbs750_firmwaremk62_firmwarer7850_firmwaremr60_firmwarexr300rbr750_firmwareeax20r7000pr6400v2_firmwarexr300_firmwarerax35v2_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarerbk852_firmwarerax45_firmwarer6400rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45619
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.86% / 74.21%
||
7 Day CHG+0.48%
Published-26 Dec, 2021 | 00:35
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax70rbk12rbk50_firmwareex6150v2_firmwarer8900_firmwarerbr40_firmwarerbr350_firmwareex6410ex6420_firmwareex7300v2_firmwarewnr2000v5_firmwareex6250_firmwarerbk352xr700_firmwareex7300rbk12_firmwarerax10rax120v2rbs40rbs50y_firmwarer8900rbs40_firmwarer9000_firmwarerbr10rax78_firmwarerbs10_firmwareex6410_firmwarelbr1020_firmwarerbs20rbs50_firmwarerbs50yr9000ex6200v2_firmwareex6400v2ex6100v2ex7700_firmwarer7800rax120_firmwarerbs10wnr2000v5r7800_firmwareex6100v2_firmwarerbk20_firmwarelbr1020xr700ex6400ex6200v2rbk20ex6400_firmwareex7300_firmwarerbs20_firmwareex6150v2r6700axrax120v2_firmwareex8000rbk40ex7320_firmwarerbr20rax78rax70_firmwarerbk40_firmwarerax120rax10_firmwareex6400v2_firmwareex6420ex7300v2ex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbs350rbr50_firmwarerbr50ex7700lbr20rbr20_firmwareex7320rbk352_firmwarerbk50rbr350lbr20_firmwarerbs350_firmwarer6700ax_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45585
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:42
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.87% / 91.66%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823_pro_firmwaredir-823_pron/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5606
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.07% / 76.87%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 19:00
Updated-10 Jun, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC18 SetIPTVCfg formSetIptv command injection

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac18ac18_firmwareAC18
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-54424
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.15% / 36.89%
||
7 Day CHG+0.11%
Published-01 Aug, 2025 | 23:04
Updated-26 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.

Action-Not Available
Vendor-FIT2CLOUD Inc.1Panel (FIT2CLOUD Inc.)
Product-1panel1Panel
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28423
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.39%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 13:28
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package monorepo-build.

Action-Not Available
Vendor-monorepo-build_projectn/a
Product-monorepo-buildmonorepo-build
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-57105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.51%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-26 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-25.81% / 96.05%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000r_firmwarex5000rn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45564
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:48
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.87% / 91.66%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gv2_firmwaredi-7200gv2n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45589
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.46% / 63.13%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:42
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:35
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbk12ex6150v2_firmwarer8900_firmwarerbr40_firmwareex6410ex6420_firmwareex7300v2_firmwarewnr2000v5_firmwareex6250_firmwarexr500_firmwarexr700_firmwarexr450_firmwareex7300rbk12_firmwarerbs40rbs50y_firmwarer8900r9000_firmwarerbs40_firmwarerbr10rbs10_firmwareex6410_firmwarerbs20rbs50_firmwarerbs50yr9000ex6200v2_firmwareex6400v2ex6100v2ex7700_firmwarer7800rax120_firmwarerbs10wnr2000v5r7800_firmwareex6100v2_firmwarerbk20_firmwareex6400xr700xr450ex6200v2rbk20ex6400_firmwareex7300_firmwarerbs20_firmwared7800ex6150v2ex8000rbk40ex7320_firmwarerbr20rbk40_firmwarerax120xr500ex6400v2_firmwareex6420ex7300v2d7800_firmwareex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbr50_firmwarerbr50ex7700lbr20rbr20_firmwareex7320rbk50lbr20_firmwarerbk50_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45588
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:42
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28445
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.72%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 14:10
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.

Action-Not Available
Vendor-npm-help_projectn/a
Product-npm-helpnpm-help
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45533
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:55
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex7500ex6130_firmwarerbs850_firmwarerbr850ex3800_firmwareex7000ex3700ex7500_firmwarerbs850ex3800ex3700_firmwareex7000_firmwareex6120rbk852_firmwarerbk852ex6130ex6120_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46227
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.88% / 94.05%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gv2_firmwaredi-7200gv2n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.82%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45566
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:48
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5444
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 67.24%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 12:00
Updated-10 Jun, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_UpgradeFWByBBS os command injection

A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-re6350re6350_firmwarere6500re7000_firmwarere6300_firmwarere6500_firmwarere6300re6250_firmwarere9000_firmwarere7000re6250re9000RE7000RE6350RE9000RE6500RE6300RE6250
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-28436
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.46% / 63.33%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 14:09
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package google-cloudstorage-commands.

Action-Not Available
Vendor-google-cloudstorage-commands_projectn/a
Product-google-cloudstorage-commandsgoogle-cloudstorage-commands
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45621
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80r6300v2_firmwarerax15lax20r6400_firmwarer6300v2r7100lgex3700rax50r6900p_firmwareex7500_firmwarer7100lg_firmwarerax45r8300r8500_firmwarers400r7960prax40v2_firmwarer7000_firmwareeax80_firmwarer6700v3rax20r6700v3_firmwareex6130r7900prax20_firmwareeax20_firmwaremr60rax35v2rax43_firmwarerax40v2cbr750rbs850_firmwarer6400v2rbr850rax43rax80_firmwarer7000cbr750_firmwarecbr40rbk752_firmwareex3800r7900_firmwareex3700_firmwareex7000_firmwareex6120rbk852r7900p_firmwarems60lax20_firmwarer8000_firmwarexr1000_firmwarerax80xr1000ex7500rs400_firmwarer8000rax75ex7000r6900pex3800_firmwarer7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarer8500ex6130_firmwarerbs750_firmwarer7850_firmwaremr60_firmwarer8300_firmwarexr300rbr750_firmwareeax20r7000pr6400v2_firmwarexr300_firmwarerax35v2_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarerbk852_firmwarerax45_firmwarer6400ex6120_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:43
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-55591
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.76% / 90.12%
||
7 Day CHG+1.59%
Published-18 Aug, 2025 | 00:00
Updated-21 Aug, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002ra3002r_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45542
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:53
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerbs850rax80rax200rbs850_firmwarerax75_firmwarerax75rbr850rax80_firmwarerbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45550
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.08% / 24.52%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6100 before 1.0.0.63, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300 before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7300d6000_firmwarer7300_firmwarer8000r6400_firmwared7800r6900pr7100lgr7900r8000pr6900p_firmwarewndr3400d3600_firmwared6220r7100lg_firmwarer8300r8500_firmwaredgn2200r7000_firmwared6100_firmwarer8000p_firmwared6400_firmwared3600xr500_firmwared6220_firmwarer6300_firmwared8500_firmwaredgn2200b_firmwarer6250_firmwarer7900pxr500r7000p_firmwared7800_firmwarer8500d8500wndr3400_firmwaredgn2200br6700r8300_firmwarer7000wnr3500l_firmwared6000r6900d6400r7000pwnr3500ldgn2200_firmwarer6900_firmwarer7900_firmwared6100r6300r6400r6700_firmwarer7900p_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:47
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45538
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.46% / 63.13%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:54
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax80rbs750_firmwarerbs850_firmwarerax75rbr850rax80_firmwarerbr750_firmwarerbs850rbk752_firmwarerbk752rbr750rbs750rax75_firmwarerbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-24144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.70% / 93.73%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax3ax3_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:36
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr1000_firmwarerax80xr1000rax15rax75lax20mk62rax50rbs850d7000v2ms60_firmwarerax45rax40v2_firmwarerbr750rax20rax200lax20_firmwarerax20_firmwarerax200_firmwarerbs750_firmwaremk62_firmwaremr60rax35v2rax43_firmwarerax40v2mr60_firmwared7000v2_firmwarerbs850_firmwarerbr850rax43rax80_firmwarerbr750_firmwarerbk752_firmwarerax35v2_firmwarerbk752rbs750rax15_firmwarerax75_firmwarerax50_firmwarerax45_firmwarerbk852_firmwarerbk852ms60rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45536
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.16% / 37.86%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:54
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax80rbs750_firmwarerbs850_firmwarerax75rbr850rax80_firmwarerbr750_firmwarerbs850rbk752_firmwarerbk752rbr750rbs750rax75_firmwarerbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.77% / 91.60%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 12:44
Updated-04 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-fusionn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 17
  • 18
  • Next
Details not found