Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-34885

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-30 Jan, 2023 | 21:43
Updated At-27 Mar, 2025 | 18:49
Rejected At-
Credits

An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:30 Jan, 2023 | 21:43
Updated At:27 Mar, 2025 | 18:49
Rejected At:
▼CVE Numbering Authority (CNA)

An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.

Affected Products
Vendor
Motorola Mobility LLC. (Lenovo Group Limited)Motorola
Product
MR2600 Router
Default Status
unaffected
Versions
Affected
  • Versions prior to 1.0.18
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Motorola recommends updating the Motorola MR2600 router to software version 1.0.18.

Configurations
Workarounds
Exploits
Credits
finder
Motorola thanks Jiaqian Peng from Institute of Information Engineering, Chinese Academy of Science for reporting this vulnerability.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://help.motorolanetwork.com/hc/en-us/articles/8161908477595
N/A
Hyperlink: https://help.motorolanetwork.com/hc/en-us/articles/8161908477595
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://help.motorolanetwork.com/hc/en-us/articles/8161908477595
x_transferred
Hyperlink: https://help.motorolanetwork.com/hc/en-us/articles/8161908477595
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:30 Jan, 2023 | 22:15
Updated At:21 Jul, 2023 | 21:05

An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Motorola Mobility LLC. (Lenovo Group Limited)
motorola
>>mr2600_firmware>>Versions before 1.0.18(exclusive)
cpe:2.3:o:motorola:mr2600_firmware:*:*:*:*:*:*:*:*
Motorola Mobility LLC. (Lenovo Group Limited)
motorola
>>mr2600>>-
cpe:2.3:h:motorola:mr2600:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-20Secondarypsirt@lenovo.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://help.motorolanetwork.com/hc/en-us/articles/8161908477595psirt@lenovo.com
Patch
Vendor Advisory
Hyperlink: https://help.motorolanetwork.com/hc/en-us/articles/8161908477595
Source: psirt@lenovo.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

299Records found
CVE-2023-20626
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.02%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853mt6893mt8768androidmt6768mt6781mt6889mt6833mt6873mt6739mt6765mt8766mt6761mt6883mt8797mt6885mt6779mt8791mt6877mt8667mt8675mt8765mt6771mt8666mt8789mt8785mt6785MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8785, MT8789, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20026
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 59.58%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:33
Updated-12 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_firmwarerv042grv042rv016rv082rv042g_firmwarerv016_firmwarerv082_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-20636
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-androidmt6985mt8781mt6895mt8168MT6895, MT6985, MT8168, MT8781
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20639
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8768androidmt8781mt6983mt6879mt8765mt8786mt8791tmt6895mt8797mt8766mt8788mt8321mt8789MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20564
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.72%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 21:07
Updated-08 Oct, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-ryzen_master_monitoring_sdkwindows_11ryzen_masterwindows_10Ryzen™ Masterryzen
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20621
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.92%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6893mt6789mt6771androidmt6739mt6885mt6761mt6983mt6762mt6765mt6879mt6883MT6739, MT6761, MT6762, MT6765, MT6771, MT6789, MT6879, MT6883, MT6885, MT6893, MT6895, MT6983
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20009
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.45%
||
7 Day CHG+0.02%
Published-16 Feb, 2023 | 15:25
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]]. The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that when uploaded could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manageremail_security_applianceCisco Secure Email and Web ManagerCisco Secure Email
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-20708
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.15%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6983mt6757cdmt6769androidmt6877mt8768mt8791tmt6768mt6763mt6739mt6785mt8185mt8766mt6891mt6789mt8797mt8667mt6757cmt6885mt6779mt6757mt8781mt6781mt6853tmt6855mt8789mt6889mt6893mt6833mt6762mt6765mt6735mt8666mt8791mt8385mt6879mt6731mt6757chmt8321mt8786mt6873mt6753mt6853mt8788mt6883mt6737mt6771mt8765mt6875mt6761mt6580MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20642
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8768androidmt8781mt6983mt6879mt8765mt8786mt8791tmt6895mt8797mt8766mt8788mt8321mt8789MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20638
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-androidmt6855mt6853tmt8781mt6833mt6739mt6779mt6885mt6763mt6789mt6875mt6769mt6895mt6761mt8789mt6785mt6853mt6893mt6753mt8768mt6768mt6781mt6889mt6983mt8786mt6873mt6765mt6762mt8766mt8788mt6883mt8797mt6877mt6879mt8765mt8791tmt6771mt8321MT6739, MT6753, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20634
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.45%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07635697; Issue ID: ALPS07635697.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853mt6893mt8768mt8789androidmt6768mt6781mt6855mt6853tmt6889mt6833mt8786mt6873mt6765mt6762mt8788mt6883mt8797mt6885mt6779mt6789mt6875mt6877mt6769mt6879mt6891mt6785MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8768, MT8786, MT8788, MT8789, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20650
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-05 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629577; Issue ID: ALPS07629577.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853mt6889mt6875mt6873mt6853tmt6877mt6885mt6983mt6895mt6891mt6879mt6883androidmt6893MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20720
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.45%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6983mt8673androidmt8195mt8167mt8168MT6895, MT6983, MT8167, MT8168, MT8195, MT8673
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20045
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:39
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20643
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853mt8321mt6893mt8768mt8789androidmt6768mt6781mt8781mt6833mt8786mt6873mt6739mt6765mt6762mt8766mt8788mt8797mt6875mt6877mt6769mt8765mt8791tmt6761mt6891mt6785MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6891, MT6893, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20707
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.72%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6757cdmt6769androidmt6877mt8768mt8791tmt6768mt6763mt6739mt6785mt8766mt6891mt6789mt6757cmt6885mt6779mt6757mt8781mt6781mt6853tmt6855mt8789mt6889mt6893mt6833mt6762mt6765mt6735mt6879mt6757chmt8321mt8786mt6873mt6753mt6853mt8788mt6883mt6737mt6771mt8765mt6875mt6761MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20612
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6769mt8765mt6877mt6739mt6785mt6781mt6855mt8321mt6885mt6889mt6875mt6779mt8768mt8766mt6833mt6768mt6765androidmt6893mt8786mt8788mt8791mt6883mt6853mt8385mt6761mt6762mt6983mt8789mt6771mt6879mt8791tmt6789mt6891mt8797mt6873MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20640
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8791androidmt6983mt6879mt8791tmt6895mt8797MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20641
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629574; Issue ID: ALPS07629574.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8791androidmt6983mt6879mt8791tmt6895mt8797MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1454
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.63%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:06
Updated-08 Nov, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeios_xe_sd-wanCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2020-1619
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6||MEDIUM
EPSS-0.04% / 10.44%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 19:25
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX10K Series, EX9200 Series, MX Series, PTX Series: Privilege escalation vulnerability in NG-RE.

A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series with NG-RE; which uses vmhost. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S4; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. To identify whether the device has NG-RE with vmhost, customer can run the following command: > show vmhost status Compute cluster: rainier-re-cc Compute Node: rainier-re-cn, Online If the "show vmhost status" is not supported, then the device does not have NG-RE with vmhost.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-264
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2024-3101
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.97%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 17:08
Updated-09 Jul, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access.

Action-Not Available
Vendor-mintplexlabsmintplex-labsmintplexlabs
Product-anythingllmmintplex-labs/anything-llmanythingllm
CWE ID-CWE-20
Improper Input Validation
CVE-2024-31212
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.32% / 54.16%
||
7 Day CHG+0.04%
Published-04 Apr, 2024 | 23:02
Updated-17 Jan, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in index_chart_data action

InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receives an input from user and passes it unsanitized to the core model `filterFunc` function that further embeds this data in an SQL statement. This allows attackers to inject unwanted SQL code into the statement. The `period` should be escaped before inserting it in the query. As of time of publication, a patched version is not available.

Action-Not Available
Vendor-instantcmsinstantsoftinstantcms
Product-instantcmsicms2icms2
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15375
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 20:34
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-fabric_operating_systemBrocade Fabric OS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-4573
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 14:34
Updated-06 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x1_fold_gen_1thinkpad_x1_fold_gen_1_firmwareThinkPad X1 Fold Gen 1thinkpad_x1_fold_gen_1
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20314
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.53%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:24
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-191876118

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20637
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8768androidmt8781mt6983mt6879mt8765mt8786mt8791tmt6895mt8797mt8766mt8788mt8321mt8789MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2022-46372
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.74%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Alotcer - AR7088H-A Authenticated Command execution

Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution.

Action-Not Available
Vendor-alotceriotAlotcer
Product-ar7088h-aar7088h-a_firmwareAR7088H-A
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20613
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6769mt8765mt6877mt6739mt6785mt6781mt6855mt8321mt6885mt6889mt6875mt6779mt8768mt8766mt6833mt6768mt6765androidmt6893mt8786mt8788mt8791mt6883mt6853mt8385mt6761mt6762mt6983mt8789mt6771mt6879mt8791tmt6789mt6891mt8797mt6873MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43863
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.06%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 21:25
Updated-25 Feb, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar SIEM privilege escalation

IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-42500
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701389References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3204
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.55%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:40
Updated-15 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS 12.2(53)SE1
CWE ID-CWE-20
Improper Input Validation
CVE-2024-25641
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-86.11% / 99.35%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 13:28
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cacti RCE vulnerability when importing packages

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.

Action-Not Available
Vendor-Fedora ProjectThe Cacti Group, Inc.
Product-cactifedoracacticacti
CWE ID-CWE-20
Improper Input Validation
CVE-2024-23386
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.26%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:04
Updated-16 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Video

memory corruption when WiFi display APIs are invoked with large random inputs.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800snapdragon_8_gen_1_mobile_platformwsa8830wcd9380_firmwaresdm429wfastconnect_6900snapdragon_429_mobile_platformfastconnect_6900_firmwarewcn3660bwsa8830_firmwarewsa8835wcn3620_firmwaresdm429w_firmwarewcn3660b_firmwarewsa8835_firmwarewcn3620wcd9380snapdragon_429_mobile_platform_firmwarefastconnect_7800_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareSnapdragonwsa8830_firmwarewcd9380_firmwarewcn3620_firmwaresdm429w_firmwarewcn3660b_firmwarewsa8835_firmwaresnapdragon_429_mobile_platform_firmwarefastconnect_7800_firmwarefastconnect_6900_firmwaresnapdragon_8_gen_1_mobile_platform_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2022-37336
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.9||HIGH
EPSS-0.02% / 4.41%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-02 Oct, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_10_performance_kit_nuc10i3fnhfnuc_10_performance_kit_nuc10i5fnhj_firmwarenuc_10_performance_kit_nuc10i3fnk_firmwarenuc_10_performance_kit_nuc10i7fnh_firmwarenuc_10_performance_kit_nuc10i7fnkn_firmwarenuc_10_performance_kit_nuc10i7fnhc_firmwarenuc_10_performance_mini_pc_nuc10i3fnhja_firmwarenuc_10_performance_kit_nuc10i7fnhnuc_10_performance_kit_nuc10i5fnhf_firmwarenuc_10_performance_mini_pc_nuc10i5fnhcanuc_10_performance_kit_nuc10i5fnhnuc_10_performance_kit_nuc10i7fnk_firmwarenuc_10_performance_kit_nuc10i5fnk_firmwarenuc_10_performance_kit_nuc10i3fnknuc_10_performance_kit_nuc10i7fnhnnuc_10_performance_mini_pc_nuc10i5fnkpanuc_10_performance_kit_nuc10i7fnknnuc_10_performance_kit_nuc10i5fnhjnuc_10_performance_mini_pc_nuc10i7fnhaanuc_10_performance_kit_nuc10i5fnh_firmwarenuc_10_performance_kit_nuc10i5fnhfnuc_10_performance_kit_nuc10i5fnkp_firmwarenuc_10_performance_kit_nuc10i5fnkpnuc_10_performance_kit_nuc10i5fnhnnuc_10_performance_mini_pc_nuc10i7fnkpa_firmwarenuc_10_performance_kit_nuc10i3fnhnuc_10_performance_mini_pc_nuc10i7fnhja_firmwarenuc_10_performance_mini_pc_nuc10i7fnkpanuc_10_performance_kit_nuc10i3fnhn_firmwarenuc_10_performance_mini_pc_nuc10i5fnhca_firmwarenuc_10_performance_mini_pc_nuc10i3fnhjanuc_10_performance_kit_nuc10i5fnknuc_10_performance_kit_nuc10i7fnkpnuc_10_performance_kit_nuc10i3fnhnnuc_10_performance_mini_pc_nuc10i7fnhjanuc_10_performance_kit_nuc10i7fnkp_firmwarenuc_10_performance_kit_nuc10i3fnhf_firmwarenuc_10_performance_mini_pc_nuc10i3fnhfa_firmwarenuc_10_performance_kit_nuc10i7fnhcnuc_10_performance_mini_pc_nuc10i7fnhaa_firmwarenuc_10_performance_kit_nuc10i7fnhn_firmwarenuc_10_performance_kit_nuc10i3fnh_firmwarenuc_10_performance_kit_nuc10i7fnknuc_10_performance_mini_pc_nuc10i5fnhjanuc_10_performance_mini_pc_nuc10i5fnkpa_firmwarenuc_10_performance_kit_nuc10i5fnknnuc_10_performance_mini_pc_nuc10i3fnhfanuc_10_performance_kit_nuc10i3fnkn_firmwarenuc_10_performance_mini_pc_nuc10i5fnhja_firmwarenuc_10_performance_kit_nuc10i5fnkn_firmwarenuc_10_performance_kit_nuc10i5fnhn_firmwarenuc_10_performance_kit_nuc10i3fnknIntel(R) NUC
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38123
Matching Score-4
Assigner-Secomea A/S
ShareView Details
Matching Score-4
Assigner-Secomea A/S
CVSS Score-8.7||HIGH
EPSS-0.15% / 35.87%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 15:58
Updated-23 Apr, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient validation of plugin files

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.

Action-Not Available
Vendor-Secomea A/S
Product-gatemanagerGateManager
CWE ID-CWE-20
Improper Input Validation
CVE-2024-22429
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.30%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 15:20
Updated-30 Jan, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_3189_firmwarelatitude_5590latitude_12_rugged_extreme_7214latitude_5480latitude_5488_firmwarelatitude_3190_2-in-1latitude_5424_rugged_firmwareoptiplex_3050precision_5530_2-in-1_firmwareembedded_box_pc_3000_firmwarelatitude_5290_firmwarelatitude_13_3380latitude_5490_firmwarelatitude_3300optiplex_7450_all-in-one_firmwarelatitude_5488optiplex_7450_all-in-onelatitude_5480_firmwarelatitude_5288_firmwarelatitude_3190latitude_3189edge_gateway_3000latitude_5400wyse_7040_thin_clientlatitude_3390_2-in-1latitude_5280_firmwarewyse_5070embedded_box_pc_3000latitude_7285_2-in-1_firmwareoptiplex_3050_firmwarelatitude_7390_2-in-1_firmwareprecision_3520latitude_7290_firmwareprecision_3420_tower_firmwarelatitude_5414_rugged_firmwarelatitude_5400_firmwareoptiplex_5050_firmwarelatitude_3190_firmwareembedded_box_pc_5000precision_5820_towerprecision_3620_tower_firmwarelatitude_7424_rugged_extremelatitude_7480_firmwareprecision_7720_firmwareprecision_3620_towerprecision_7520latitude_7212_rugged_extreme_tablet_firmwarelatitude_7280latitude_7380_firmwarelatitude_5414_ruggedlatitude_7212_rugged_extreme_tabletlatitude_3180latitude_3190_2-in-1_firmwarelatitude_5424_ruggedlatitude_7280_firmwarelatitude_3300_firmwarelatitude_3180_firmwareprecision_3520_firmwarelatitude_7390_2-in-1edge_gateway_5000_firmwarelatitude_5288precision_5520edge_gateway_5000latitude_5290_2-in-1precision_5820_tower_firmwarelatitude_7285_2-in-1latitude_7390_firmwarelatitude_7490latitude_5290_2-in-1_firmwarelatitude_5290latitude_7290latitude_13_3380_firmwarelatitude_5420_ruggededge_gateway_3000_firmwarelatitude_5590_firmwareprecision_7720latitude_5490precision_7520_firmwarelatitude_5280precision_5530_2-in-1embedded_box_pc_5000_firmwarelatitude_5420_rugged_firmwarelatitude_7414_rugged_firmwareprecision_5520_firmwarewyse_5070_firmwarelatitude_3390_2-in-1_firmwarelatitude_5580latitude_7490_firmwareoptiplex_5050latitude_5580_firmwarelatitude_7390wyse_7040_thin_client_firmwarelatitude_7424_rugged_extreme_firmwareoptiplex_3050_all-in-one_firmwareoptiplex_3050_all-in-onelatitude_7380latitude_7414_ruggedprecision_3420_towerlatitude_12_rugged_extreme_7214_firmwarelatitude_7480CPG BIOSedge_gateway_3000_firmwareprecision_3620_towerlatitude_3180_firmwarelatitude_3189_firmwarelatitude_5280_firmwarelatitude_5424_firmwarelatitude_3300_firmwarelatitude_13_3380latitude_12_rugged_extreme_7214_firmwarelatitude_7212_rugged_extreme_tablet_firmwareprecision_3420_towerlatitude_3390_2-in-1wyse_5070latitude_7414_rugged_extreme_firmwarelatitude_5414_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2022-34152
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.7||HIGH
EPSS-0.04% / 11.69%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_board_de3815tybe_firmwarenuc_board_de3815tybenuc_kit_de3815tykhenuc_kit_de3815tykhe_firmwareIntel(R) NUC Boards, Intel(R) NUC Kits
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33945
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.07% / 20.52%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-14 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bps24compute_module_hns2600bpblc24rserver_board_s2600bpsserver_board_s2600bpqrcompute_module_hns2600bps_firmwarecompute_module_hns2600bpq24_firmwarecompute_module_hns2600bpq_firmwarecompute_module_hns2600bpblc24_firmwareserver_board_s2600bpqr_firmwareserver_system_vrn2224bphy6compute_module_hns2600bpq24r_firmwarecompute_module_hns2600bps24rcompute_module_hns2600bpbserver_board_s2600bpb_firmwarecompute_module_hns2600bpsrcompute_module_liquid-cooled_hns2600bpbrctserver_system_m70klp4s2uhhserver_system_vrn2224bphy6_firmwarecompute_module_hns2600bpblc_firmwarecompute_module_hns2600bpblcrcompute_module_hns2600bpbr_firmwareserver_system_m20ntp1ur304server_system_vrn2224bpaf6compute_module_hns2600bpqrcompute_module_hns2600bpbrserver_system_vrn2224bpaf6_firmwarecompute_module_hns2600bpb_firmwareserver_board_m20ntp2sbserver_board_m10jnp2sb_firmwareserver_board_s2600bpbrserver_system_m70klp4s2uhh_firmwareserver_board_m70klp2sbcompute_module_hns2600bps24_firmwarecompute_module_hns2600bps24r_firmwareserver_system_zsb2224bpaf2compute_module_hns2600bpsr_firmwarecompute_module_hns2600bpb24_firmwareserver_system_mcb2208wfaf5_firmwarecompute_module_liquid-cooled_hns2600bpbrct_firmwareserver_board_s2600bpbr_firmwarecompute_module_hns2600bpqcompute_module_hns2600bpblcr_firmwareserver_board_s2600bpbcompute_module_hns2600bpblc24server_system_zsb2224bphy1_firmwareserver_system_m20ntp1ur304_firmwareserver_board_m70klp2sb_firmwarecompute_module_hns2600bpblc24r_firmwareserver_board_s2600bpqserver_board_m10jnp2sbserver_system_zsb2224bpaf1server_board_s2600bpq_firmwarecompute_module_hns2600bpblcserver_system_zsb2224bpaf1_firmwareserver_board_s2600bpsrcompute_module_hns2600bpqr_firmwareserver_board_s2600bps_firmwarecompute_module_hns2600bpsserver_board_s2600bpsr_firmwarecompute_module_hns2600bpb24server_system_zsb2224bphy1server_system_zsb2224bpaf2_firmwarecompute_module_hns2600bpq24rcompute_module_hns2600bpq24server_board_m20ntp2sb_firmwareserver_system_mcb2208wfaf5Intel(R) Server board and Intel(R) Server System BIOS firmwareserver_system_m70klp_familyserver_board_m10jnp2sb_familyserver_board_s2600bp_familyserver_m20ntp_family
CWE ID-CWE-20
Improper Input Validation
CVE-2024-21519
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.6||MEDIUM
EPSS-0.24% / 46.75%
||
7 Day CHG~0.00%
Published-22 Jun, 2024 | 05:00
Updated-01 Aug, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup. **Note:** It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.

Action-Not Available
Vendor-opencartn/aopencart
Product-opencartopencart/opencartopencart
CWE ID-CWE-20
Improper Input Validation
CVE-2022-1108
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.38%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x1_fold_gen_1thinkpad_x1_fold_gen_1_firmwareThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-0550
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-8.6||HIGH
EPSS-0.48% / 63.99%
||
7 Day CHG~0.00%
Published-24 Mar, 2022 | 14:15
Updated-20 Sep, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.

Action-Not Available
Vendor-nozominetworksNozomi Networks
Product-cmcguardianGuardianCMC
CWE ID-CWE-20
Improper Input Validation
CVE-2024-20034
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.2||HIGH
EPSS-0.09% / 27.22%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 02:43
Updated-22 Apr, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08488849; Issue ID: ALPS08488849.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8167mt8798mt6768mt8168mt6855mt8789mt8321mt8765mt8786mt8768mt8188mt6765mt8797mt6761androidmt8788mt6895mt8791tmt8781mt8766MT6761, MT6765, MT6768, MT6855, MT6895, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798mt6855mt8765mt8188mt8788mt8791tmt8167mt6765mt6895mt8168mt8798mt8768mt8789mt8781mt6761mt8797mt8321mt6768mt8786mt8766
CWE ID-CWE-20
Improper Input Validation
CVE-2024-20056
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.82%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 02:51
Updated-30 Apr, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

Action-Not Available
Vendor-rdkcentralMediaTek Inc.Google LLCOpenWrt
Product-mt6880mt6855mt6886mt8678mt6761mt6890mt6989mt6895mt6789mt6873mt6897androidmt6985mt6853mt6739openwrtmt6768mt8673mt6835mt6885mt6893mt6765mt6833mt8666mt6983mt8676mt8667mt6785mt6781rdk-bMT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676, MT8678mt6895mt6886mt6785mt6765mt8676mt6739mt6880mt6835mt6989mt8673mt8667mt6893mt6789mt6873mt6761mt6890mt6781mt8666mt6833mt6985mt6768mt6885mt6983mt6855mt6897mt6853
CWE ID-CWE-20
Improper Input Validation
CVE-2022-0551
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-8.6||HIGH
EPSS-0.48% / 63.99%
||
7 Day CHG~0.00%
Published-24 Mar, 2022 | 14:15
Updated-20 Sep, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.

Action-Not Available
Vendor-nozominetworksNozomi Networksnozominetworks
Product-cmcguardianGuardianCMCcmcguardian
CWE ID-CWE-20
Improper Input Validation
CVE-2024-0158
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 06:20
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_24_5410_all-in-onelatitude_5401optiplex_7770_all-in-onexps_15_9510_firmwareinspiron_7300_firmwarelatitude_3520alienware_m18_r2inspiron_13_5330precision_3561_firmwareinspiron_3030sxps_17_9710_firmwareoptiplex_tower_plus_7010_firmwareprecision_7770_firmwareprecision_7560vostro_14_3440inspiron_14_plus_7430alienware_x14_r2latitude_7380_firmwareoptiplex_all-in-one_7410_firmwarevostro_3888xps_13_9315inspiron_7490vostro_3888_firmwareoptiplex_5090_small_form_factor_firmwareprecision_7540wyse_7040_thin_clientvostro_3030s_firmwareinspiron_15_3511_firmwarewyse_5070latitude_9420alienware_x16_r1precision_5470_firmwarelatitude_5590optiplex_5080inspiron_5502latitude_5511latitude_7390_2-in-1inspiron_7501optiplex_xe4_tower_firmwareprecision_5530_2-in-1chengming_3911_firmwareprecision_5550vostro_14_3430_firmwarexps_17_9700inspiron_16_7630_2-in-1optiplex_3000_microoptiplex_7000_microprecision_7720latitude_5300vostro_3400latitude_3380_firmwareg3_3500optiplex_3000_tower_firmwareprecision_5530_firmwareoptiplex_5050optiplex_micro_7010_firmwarelatitude_7320latitude_7300alienware_m18_r1precision_3620_towerprecision_3431_toweroptiplex_3060_firmwarelatitude_3420latitude_7490_firmwareoptiplex_tower_7010precision_5520latitude_5310_2-in-1_firmwareprecision_3570inspiron_7490_firmwareinspiron_5409latitude_7400latitude_5591optiplex_5270_all-in-one_firmwarelatitude_5430_ruggedlatitude_5531_firmwareoptiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwarealienware_x16_r2inspiron_14_5410precision_3570_firmwareoptiplex_5070latitude_3400precision_5770_firmwareinspiron_14_7430_2-in-1latitude_3420_firmwareg5_5000vostro_14_5410precision_5480inspiron_14_5420_firmwareoptiplex_3090_firmwareg15_5520_firmwarelatitude_3530inspiron_7506_2-in-1_firmwarexps_13_plus_9320alienware_m16_r1optiplex_7000_small_form_factor_firmwarelatitude_7320_detachable_firmwarelatitude_9410optiplex_7400_all-in-oneoptiplex_7070optiplex_7080_firmwarevostro_16_5630latitude_5420_rugged_firmwarelatitude_5310latitude_5530precision_7680latitude_5431_firmwarelatitude_3301latitude_5420_ruggedoptiplex_7090_ultra_firmwareoptiplex_7450_all-in-one_firmwareg16_7620precision_3450chengming_3900latitude_7390_2-in-1_firmwarelatitude_5495inspiron_5400latitude_7330_firmwarelatitude_7480_firmwarexps_15_9520_firmwarevostro_3020_small_desktopprecision_5680_firmwarevostro_5090precision_5560latitude_7640latitude_3190vostro_15_3520_firmwareoptiplex_5400_all-in-one_firmwarelatitude_7430_firmwarelatitude_3330_firmwarelatitude_5540inspiron_3881_firmwarelatitude_5488latitude_5521vostro_15_3510latitude_7380optiplex_5480_all-in-one_firmwareoptiplex_7000_tower_firmwareprecision_3540precision_5570_firmwareinspiron_3910xps_9315_2-in-1inspiron_3580_firmwarelatitude_7520optiplex_7400_all-in-one_firmwarewyse_5070_firmwarelatitude_3310precision_7520latitude_5290_2-in-1g7_7700_firmwarewyse_5470_all-in-one_firmwareprecision_7820_toweroptiplex_3090latitude_7290latitude_3340vostro_7620_firmwarelatitude_7212_rugged_extreme_tablet_firmwareinspiron_16_7620_2-in-1inspiron_5402latitude_5430_firmwareprecision_7540_firmwarelatitude_7480latitude_7285_2-in-1_firmwarevostro_3401_firmwarevostro_3881wyse_5470_firmwareedge_gateway_5000_firmwareinspiron_24_5411_all-in-one_firmwareinspiron_5593latitude_5420_firmwareprecision_3561inspiron_14_7420_2-in-1precision_5820_tower_firmwareinspiron_3493_firmwareoptiplex_3000_towerlatitude_5440_firmwarelatitude_3190_2-in-1_firmwareprecision_3460_xe_small_form_factor_firmwarevostro_5301precision_7875_tower_firmwarexps_15_9510inspiron_16_plus_7620latitude_7210_2-in-1optiplex_xe3_firmwarevostro_5880precision_3260_compactoptiplex_7070_firmwarealienware_m15_r7_firmwarealienware_m15_r6_firmwareoptiplex_5270_all-in-oneoptiplex_xe3latitude_3301_firmwarelatitude_5491latitude_3140_firmwarelatitude_9520_firmwareprecision_5560_firmwarelatitude_5330vostro_3690_firmwarelatitude_5520_firmwareoptiplex_5480_all-in-oneinspiron_24_5410_all-in-one_firmwarelatitude_7280latitude_5400latitude_5410precision_7865_towerprecision_3541xps_8940latitude_9440_2-in-1precision_7730_firmwareprecision_3551latitude_5401_firmwareoptiplex_all-in-one_7410optiplex_3000_small_form_factor_firmwareprecision_5820_towerprecision_7730inspiron_16_7610_firmwarelatitude_7414_rugged_firmwarevostro_5301_firmwarevostro_5890latitude_7230_rugged_extreme_firmwareembedded_box_pc_3000alienware_m18_r1_firmwareoptiplex_7770_all-in-one_firmwarelatitude_5400_firmwareg16_7630latitude_9330_firmwareinspiron_7700_all-in-oneoptiplex_7460_all_in_one_firmwarelatitude_rugged_7220ex_firmwareinspiron_13_5320precision_3440vostro_5402optiplex_tower_7010_firmwareoptiplex_7090_ultrag5_5000_firmwareoptiplex_7470_all-in-oneprecision_7960_tower_firmwareprecision_3550_firmwarelatitude_3310_firmwarevostro_3690g16_7620_firmwareprecision_3460_small_form_factor_firmwarexps_9315_2-in-1_firmwarelatitude_7530optiplex_3050_firmwareoptiplex_7490_all-in-onevostro_7500alienware_m15_r7precision_7740_firmwarelatitude_7285_2-in-1optiplex_5055_a-serial_firmwareoptiplex_5090_towervostro_15_3530g16_7630_firmwarevostro_3681latitude_3440precision_7920_towerprecision_7780latitude_7400_2-in-1_firmwarevostro_15_7510precision_3530latitude_5411_firmwarelatitude_3510_firmwareinspiron_3593inspiron_13_5310_firmwareoptiplex_7070_ultrainspiron_15_5518_firmwareprecision_7740optiplex_tower_plus_7010precision_5530latitude_7310_firmwareinspiron_16_5640_firmwareoptiplex_3000_thin_clientoptiplex_5055_ryzen_cpu_firmwareinspiron_7306_2-in-1latitude_7530_firmwareoptiplex_3050_all-in-onexps_13_9310_firmwarexps_13_7390_firmwareoptiplex_3280_all-in-oneinspiron_16_plus_7630precision_5760_firmwareinspiron_14_7440_2-in-1vostro_14_3420latitude_3180_firmwareprecision_3580_firmwarevostro_3681_firmwarevostro_3580_firmwarevostro_5890_firmwareinspiron_3910_firmwareinspiron_5406_2-in-1alienware_x16_r2_firmwareprecision_7760_firmwarelatitude_5300_2-in-1_firmwarexps_13_9305_firmwareinspiron_5410optiplex_7760_all-in-onelatitude_7280_firmwarevostro_15_7510_firmwareg7_7700vostro_5502edge_gateway_3000latitude_5280latitude_3540_firmwareoptiplex_7780_all-in-oneinspiron_3501_firmwareinspiron_27_7720_all-in-one_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880latitude_5480_firmwareoptiplex_7000_xe_microprecision_3930_rackprecision_7865_tower_firmwareprecision_7550xps_17_9720latitude_7440_firmwareoptiplex_small_form_factor_7010inspiron_15_3530_firmwareinspiron_14_plus_7420latitude_5320_firmwareprecision_3581optiplex_3080xps_13_9315_firmwareinspiron_15_3530optiplex_7450_all-in-oneprecision_5750xps_13_9300_firmwareinspiron_27_7710_all-in-one_firmwareoptiplex_7460_all_in_oneprecision_5570vostro_16_5640latitude_7310inspiron_14_5410_firmwarelatitude_5421_firmwarelatitude_7330_rugged_laptopinspiron_7500g15_5511precision_5760latitude_3390_2-in-1_firmwareoptiplex_7480_all-in-onechengming_3990_firmwarelatitude_7414_ruggedprecision_3520_firmwareprecision_3551_firmwareinspiron_3020_small_desktop_firmwarelatitude_9430optiplex_7070_ultra_firmwarevostro_3400_firmwareoptiplex_7060latitude_5290_firmwarelatitude_7424_rugged_extremeoptiplex_7480_all-in-one_firmwareg5_5090_firmwarelatitude_7390latitude_5440vostro_3500precision_3240_compactoptiplex_5055_ryzen_cpuprecision_7750_firmwarelatitude_3520_firmwarevostro_3401vostro_3480_firmwarechengming_3991_firmwareinspiron_16_7630_2-in-1_firmwareprecision_5680inspiron_14_5418inspiron_7400latitude_9430_firmwareprecision_3650_tower_firmwarevostro_14_3420_firmwareinspiron_24_5411_all-in-oneoptiplex_7470_all-in-one_firmwareprecision_3630_tower_firmwarelatitude_7340_firmwarexps_13_9310_2-in-1latitude_7440inspiron_5400_firmwarelatitude_5424_ruggedlatitude_5488_firmwareinspiron_14_5440vostro_15_3520optiplex_7760_all-in-one_firmwarelatitude_9510_2in1inspiron_7500_firmwareprecision_3541_firmwareg5_5500latitude_7330inspiron_14_5420inspiron_7506_2-in-1optiplex_5055_ryzen_apu_firmwarelatitude_5330_firmwareg7_7500precision_3650_towervostro_3881_firmwarelatitude_7200_2-in-1latitude_5511_firmwarelatitude_3430_firmwareoptiplex_5055_a-serialvostro_14_3440_firmwareinspiron_5493precision_7960_towerprecision_3550inspiron_3891_firmwareoptiplex_3090_ultra_firmwareprecision_5480_firmwarexps_13_7390_2-in-1_firmwarelatitude_7420_firmwareoptiplex_5070_firmwareprecision_5860_tower_firmwarelatitude_3390_2-in-1latitude_3310_2-in-1optiplex_3090_ultraoptiplex_5090_tower_firmwarelatitude_5490vostro_5620_firmwareinspiron_16_7610latitude_7330_rugged_laptop_firmwarelatitude_3190_2-in-1optiplex_7071edge_gateway_5000inspiron_3891xps_13_9305optiplex_7000_xe_micro_firmwarelatitude_9410_firmwarelatitude_5280_firmwarelatitude_3180inspiron_7706_2-in-1_firmwareinspiron_13_5330_firmwarelatitude_12_rugged_extreme_7214_firmwarelatitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_7220_rugged_extremeoptiplex_3070_firmwareg15_5511_firmwarelatitude_7410_firmwareprecision_3660optiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1vostro_16_5640_firmwareoptiplex_7090_tower_firmwarevostro_3910inspiron_15_7510_firmwareinspiron_14_5418_firmwareg5_5500_firmwareinspiron_3020_desktoplatitude_7390_firmwarelatitude_5500_firmwarelatitude_5410_firmwarelatitude_5430vostro_5090_firmwarexps_13_7390latitude_3530_firmwarelatitude_3400_firmwarevostro_3890latitude_3510precision_3560_firmwareprecision_3520latitude_5495_firmwareinspiron_3880_firmwareg5_5090optiplex_3050precision_5860_towerprecision_7820_tower_firmwareoptiplex_5080_firmwareinspiron_14_5430inspiron_14_7420_2-in-1_firmwareinspiron_5493_firmwarexps_17_9700_firmwareinspiron_3480_firmwareinspiron_15_7510latitude_7030_rugged_extreme_firmwarelatitude_5530_firmwareoptiplex_7000_micro_firmwareprecision_5470optiplex_5060_firmwareinspiron_16_5630_firmwareoptiplex_3050_all-in-one_firmwarevostro_16_5630_firmwarevostro_3590precision_3470_firmwareoptiplex_small_form_factor_plus_7010inspiron_15_5510vostro_3020_tower_desktop_firmwareinspiron_16_plus_7620_firmwareprecision_7530_firmwarevostro_3583_firmwarelatitude_3190_firmwareoptiplex_5000_tower_firmwareoptiplex_micro_7010optiplex_xe4_towerlatitude_5430_rugged_firmwarexps_13_9300xps_15_9500latitude_5500precision_7550_firmwarelatitude_3500_firmwarechengming_3900_firmwarechengming_3991latitude_5288_firmwareprecision_3260_xe_compact_firmwareprecision_3260_xe_compactinspiron_7501_firmwareoptiplex_5090_small_form_factorg15_5510_firmwarelatitude_5290_2-in-1_firmwarelatitude_7220_rugged_extreme_firmwarelatitude_5501latitude_7400_firmwarevostro_3501vostro_5320_firmwarevostro_15_5510precision_3450_firmwarechengming_3990inspiron_15_3520_firmwareprecision_3460_small_form_factorinspiron_5301precision_3581_firmwarelatitude_5340optiplex_7090_towervostro_3583latitude_5491_firmwareprecision_3470vostro_5880_firmwareprecision_3480xps_17_9710inspiron_3493precision_5750_firmwareoptiplex_small_form_factor_plus_7010_firmwareprecision_7875_toweroptiplex_3060optiplex_5060latitude_5520latitude_3410_firmwarewyse_5470_all-in-oneprecision_7680_firmwarevostro_13_5310_firmwareinspiron_7400_firmwareprecision_3260_compact_firmwarelatitude_7640_firmwareoptiplex_5400_all-in-onelatitude_3320inspiron_3030s_firmwareprecision_3530_firmwareprecision_3580latitude_3540xps_13_9310_2-in-1_firmwarealienware_x14_r2_firmwarelatitude_5580_firmwarevostro_5320latitude_3189vostro_3580inspiron_3020_small_desktopprecision_7750latitude_3430embedded_box_pc_5000embedded_box_pc_3000_firmwarelatitude_3320_firmwareinspiron_3580optiplex_5490_all-in-one_firmwareoptiplex_7080g15_5510inspiron_15_5518vostro_7500_firmwarevostro_14_3430xps_17_9730latitude_9330inspiron_16_7620_2-in-1_firmwarelatitude_5480inspiron_15_3511latitude_7230_rugged_extremelatitude_9440_2-in-1_firmwarelatitude_5414_rugged_firmwarelatitude_5424_rugged_firmwareinspiron_15_3520optiplex_5000_small_form_factor_firmwarechengming_3910_firmwarelatitude_7300_firmwarelatitude_5421inspiron_16_5630latitude_9420_firmwareinspiron_24_5420_all-in-onelatitude_5510inspiron_5401_aio_firmwarelatitude_7030_rugged_extremewyse_5470latitude_7340optiplex_5090_micro_firmwarevostro_3501_firmwareinspiron_3593_firmwareinspiron_14_plus_7430_firmwareoptiplex_7780_all-in-one_firmwarevostro_3710_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwareoptiplex_5000_micro_firmwareprecision_3640_firmwarelatitude_3310_2-in-1_firmwareinspiron_16_5620latitude_5320latitude_3330vostro_13_5310optiplex_7000_small_form_factorlatitude_7410latitude_5501_firmwareprecision_3571xps_13_7390_2-in-1optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411optiplex_5090_microlatitude_12_rugged_extreme_7214precision_7760vostro_3020_tower_desktopxps_17_9720_firmwarealienware_x16_r1_firmwareinspiron_7306_2-in-1_firmwarevostro_3500_firmwarelatitude_7320_detachablelatitude_9520inspiron_5509optiplex_5055_ryzen_apulatitude_3189_firmwarevostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_27_7710_all-in-onelatitude_7420latitude_5290inspiron_7706_2-in-1precision_7670precision_5550_firmwareg7_7500_firmwareinspiron_16_5640inspiron_24_5420_all-in-one_firmwarelatitude_3120_firmwarelatitude_5590_firmwareinspiron_16_plus_7630_firmwareinspiron_16_5620_firmwareprecision_7670_firmwareg15_5530inspiron_5301_firmwarealienware_m18_r2_firmwareprecision_3571_firmwareinspiron_14_5440_firmwareprecision_5540vostro_5620inspiron_3480latitude_7520_firmwarelatitude_5431precision_3930_rack_firmwareoptiplex_3000_thin_client_firmwarevostro_3710latitude_5420precision_3480_firmwareinspiron_7300inspiron_3793_firmwareprecision_3430_tower_firmwareinspiron_5402_firmwareprecision_7560_firmwareoptiplex_micro_plus_7010latitude_3300_firmwarelatitude_3440_firmwarexps_15_9530_firmwarexps_17_9730_firmwarelatitude_7400_2-in-1precision_7770latitude_7210_2-in-1_firmwarexps_13_9310latitude_5510_firmwarelatitude_3340_firmwareinspiron_5410_firmwarelatitude_7212_rugged_extreme_tabletoptiplex_5000_microinspiron_15_5510_firmwareinspiron_14_7430_2-in-1_firmwarevostro_5502_firmwareprecision_3540_firmwarelatitude_3380xps_15_9530latitude_7430g3_3500_firmwareprecision_3431_tower_firmwareoptiplex_3000_small_form_factoroptiplex_3080_firmwarexps_13_plus_9320_firmwarelatitude_3410optiplex_small_form_factor_7010_firmwarevostro_5402_firmwarevostro_15_3510_firmwareprecision_3420_towerinspiron_7700_all-in-one_firmwareinspiron_3881optiplex_7490_all-in-one_firmwarevostro_14_5410_firmwarevostro_15_3530_firmwarelatitude_5531precision_3660_firmwarevostro_3020_small_desktop_firmwareprecision_3420_tower_firmwarechengming_3910optiplex_3000_micro_firmwareoptiplex_5000_small_form_factorprecision_7780_firmwarelatitude_5490_firmwarelatitude_5591_firmwareinspiron_3501inspiron_13_5310latitude_3140latitude_3500latitude_5310_firmwarelatitude_9510_2in1_firmwareinspiron_3793inspiron_27_7720_all-in-oneprecision_3430_towerlatitude_5540_firmwareprecision_5520_firmwarealienware_m15_r6vostro_3890_firmwarexps_15_7590latitude_3300latitude_5580precision_3620_tower_firmwareedge_gateway_3000_firmwareoptiplex_micro_plus_7010_firmwareinspiron_5401_firmwareprecision_5540_firmwareprecision_3460_xe_small_form_factorvostro_15_5510_firmwarexps_15_9520latitude_7320_firmwareoptiplex_5490_all-in-oneinspiron_14_7440_2-in-1_firmwarexps_8940_firmwarelatitude_3120vostro_3480g15_5530_firmwareprecision_3560inspiron_5401_aioprecision_3640optiplex_5260_all-in-one_firmwarelatitude_rugged_7220exinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareprecision_3630_toweralienware_m16_r1_firmwareinspiron_14_5430_firmwareinspiron_3020_desktop_firmwarelatitude_5414_ruggedoptiplex_3070inspiron_13_5320_firmwarevostro_3910_firmwarelatitude_7290_firmwareprecision_5770chengming_3911precision_7530vostro_7620inspiron_5502_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareinspiron_5409_firmwareinspiron_14_plus_7420_firmwareg15_5520latitude_5340_firmwarelatitude_7490latitude_5288optiplex_7000_toweroptiplex_7060_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwareoptiplex_5000_towerinspiron_5401precision_7920_tower_firmwarevostro_3030sCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-12912
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
CVSS Score-7.2||HIGH
EPSS-0.25% / 47.99%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 09:05
Updated-06 Jan, 2025 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-Router
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2021-4211
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.91%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-a340-24ickthinkcentre_m90a_\(gen_2\)thinkcentre_m90a_\(gen_2\)_firmwarev30a-24imlthinkcentre_m910xideacentre_aio_3-27itl6_firmwarethinkcentre_m720eideacentre_aio_3-22ada6ideacentre_aio_3-27itl6se30_firmwareideacentre_aio_3-22ada6_firmwarethinkstation_p320a340-22icb_firmwarethinkcentre_m800thinkstation_p320_tinyv410z_firmwareideacentre_510s-07icbthinkcentre_m900thinkcentre_m910sthinkcentre_m710q_firmwarethinkstation_p320_firmwarev520thinkcentre_m710ethinkcentre_m710t_firmwarethinkcentre_m75n_firmwarethinkstation_p310_firmwarethinkcentre_m910qthinkstation_p310thinkcentre_m720e_firmwareideacentre_5-14iob6v530-15icb_firmwareideacentre_510s-07ick_firmwarev530s-07icb_firmwarethinkcentre_m810zthinkcentre_m800_firmwarethinkcentre_m75nthinkcentre_m810z_firmwareideacentre_5-14iob6_firmwarethinkcentre_m710qideacentre_aio_3-22itl6_firmwarethinkcentre_m710tv30a-24iml_firmwarethinkcentre_m70a_firmwarea340-22ickv530-15icrideacentre_aio_3-24ada6_firmwarev530s-07icbthinkcentre_m710e_firmwarethinkcentre_m900_firmwarev530-15icba540-27icbv520s_firmwareideacentre_aio_3-22iil5_firmwareideacentre_510s-07icb_firmwarea340-24ick_firmwarev410zthinkstation_p320_tiny_firmwarea340-24icb_firmwareideacentre_creator_5-14iob6se30thinkcentre_m900x_firmwarea540-27icb_firmwarethinkcentre_m700_tinyv30a-22imlv520_firmwareideacentre_aio_3-24itl6thinkcentre_m710q_\(10yc\)ideacentre_aio_3-24ada6a540-24icbthinkcentre_m70av30a-22iml_firmwarethinkcentre_m820z_firmwareideacentre_aio_3-24itl6_firmwarev530s-07icr_firmwarev540-24iwl_firmwareideacentre_510s-07icka540-24icb_firmwarev530s-07icrthinkcentre_m710s_firmwareideacentre_aio_3-22iil5thinkcentre_m910x_firmwarethinkcentre_m910s_firmwarethinkcentre_m820zthinkcentre_m910t_firmwarev50t-13iob_g2_firmwarev50t-13iob_g2a340-22icbthinkcentre_m710sideacentre_gaming_5-14iob6_firmwarethinkcentre_m900xideacentre_aio_3-24iil5thinkcentre_m710q_\(10yc\)_firmwareideacentre_gaming_5-14iob6v520sideacentre_aio_3-22itl6thinkcentre_m910tv530-15icr_firmwareideacentre_aio_3-24iil5_firmwarethinkcentre_m700_tiny_firmwarethinkcentre_m600_firmwareideacentre_creator_5-14iob6_firmwarea340-24icbv540-24iwlthinkcentre_m600thinkcentre_m910q_firmwarea340-22ick_firmwareBIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-4210
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.04%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkstation_p520_firmwareideacentre_aio_3-27itl6_firmwarethinkcentre_m910zideacentre_aio_3-27itl6ideacentre_aio_3-22ada6ideacentre_aio_3-22ada6_firmwarethinkcentre_m800v410z_firmwarethinkcentre_m900ideacentre_g5-14imb05_firmwarethinkstation_p520thinkcentre_m90a_gen2v50t-13imbthinkcentre_x1thinkcentre_m700thinkcentre_m75n_firmwarethinkstation_p310_firmwarethinkstation_p310thinkedge_se30thinkcentre_m700_firmwarethinkcentre_m810zthinkcentre_m800_firmwarethinkcentre_m75nthinkcentre_m810z_firmwareideacentre_aio_3-22itl6_firmwarethinkedge_se30_firmwarethinkcentre_m70a_firmwareideacentre_aio_3-24ada6_firmwarethinkcentre_m900_firmwarea540-27icbstadia_ggp-120_firmwareideacentre_aio_3-22iil5_firmwarev410zstadia_ggp-120ideacentre_c5-14imb05thinkcentre_m900x_firmwarea540-27icb_firmwareideacentre_5-14imb05thinkcentre_m700_tinyideacentre_aio_3-24itl6thinkstation_p520c_firmwarethinkcentre_m90a_gen2_firmwareideacentre_c5-14imb05_firmwarea540-24icbthinkcentre_m70aideacentre_aio_3-24ada6thinkcentre_m820z_firmwareideacentre_aio_3-24itl6_firmwarev540-24iwl_firmwarea540-24icb_firmwareideacentre_aio_3-22iil5ideacentre_5-14imb05_firmwarev50t-13imb_firmwarethinkcentre_m820zthinkcentre_m900xideacentre_aio_3-24iil5thinkcentre_m910z_firmwareideacentre_aio_3-22itl6ideacentre_g5-14imb05thinkcentre_x1_firmwareideacentre_aio_3-24iil5_firmwarethinkcentre_m700_tiny_firmwarev540-24iwlthinkstation_p520cBIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-40120
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.19%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:35
Updated-07 Nov, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv325application_extension_platformrv320rv042rv042grv082rv016ios_xrCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found