Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-44606

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-07 Dec, 2022 | 00:00
Updated At-23 Apr, 2025 | 13:59
Rejected At-
Credits

OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:07 Dec, 2022 | 00:00
Updated At:23 Apr, 2025 | 13:59
Rejected At:
▼CVE Numbering Authority (CNA)

OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Affected Products
Vendor
UNIMO Technology Co., Ltd
Product
UDR-JA1604/UDR-JA1608/UDR-JA1616
Versions
Affected
  • firmware versions 71x10.1.107112.43A and earlier
Problem Types
TypeCWE IDDescription
textN/AOS Command Injection
Type: text
CWE ID: N/A
Description: OS Command Injection
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418
N/A
https://jvn.jp/en/vu/JVNVU94514762/index.html
N/A
Hyperlink: http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418
Resource: N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU94514762/index.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418
x_transferred
https://jvn.jp/en/vu/JVNVU94514762/index.html
x_transferred
Hyperlink: http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418
Resource:
x_transferred
Hyperlink: https://jvn.jp/en/vu/JVNVU94514762/index.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:07 Dec, 2022 | 04:15
Updated At:23 Apr, 2025 | 14:15

OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
unimo
unimo
>>udr-ja1604_firmware>>Versions before 71x10.1.107114.43a(exclusive)
cpe:2.3:o:unimo:udr-ja1604_firmware:*:*:*:*:*:*:*:*
unimo
unimo
>>udr-ja1604>>-
cpe:2.3:h:unimo:udr-ja1604:-:*:*:*:*:*:*:*
unimo
unimo
>>udr-ja1608_firmware>>Versions before 71x10.1.107114.43a(exclusive)
cpe:2.3:o:unimo:udr-ja1608_firmware:*:*:*:*:*:*:*:*
unimo
unimo
>>udr-ja1608>>-
cpe:2.3:h:unimo:udr-ja1608:-:*:*:*:*:*:*:*
unimo
unimo
>>udr-ja1616_firmware>>Versions before 71x10.1.107114.43a(exclusive)
cpe:2.3:o:unimo:udr-ja1616_firmware:*:*:*:*:*:*:*:*
unimo
unimo
>>udr-ja1616>>-
cpe:2.3:h:unimo:udr-ja1616:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418vultures@jpcert.or.jp
Vendor Advisory
https://jvn.jp/en/vu/JVNVU94514762/index.htmlvultures@jpcert.or.jp
Third Party Advisory
http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://jvn.jp/en/vu/JVNVU94514762/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: https://jvn.jp/en/vu/JVNVU94514762/index.html
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory
Hyperlink: http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://jvn.jp/en/vu/JVNVU94514762/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1056Records found
CVE-2025-8748
Matching Score-4
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
ShareView Details
Matching Score-4
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
CVSS Score-8.8||HIGH
EPSS-0.44% / 63.41%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 11:09
Updated-05 Nov, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection in MiR robots and MiR fleet via crafted HTTP requests

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Mobile Industrial Robots
Product-MiR FleetMiR Robots
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-64140
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 13:29
Updated-22 Dec, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.

Action-Not Available
Vendor-Jenkins
Product-azure_cliJenkins Azure CLI Plugin
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6104
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-2.00% / 83.87%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 03:31
Updated-16 Jun, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wifi-soft UniBox Controller pms_check.php os command injection

A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Wifi-soft
Product-UniBox Controller
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-43890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.39% / 80.56%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 00:00
Updated-20 Sep, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-n3mn3m_firmwaren/an3m_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6103
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-2.00% / 83.87%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 03:00
Updated-16 Jun, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wifi-soft UniBox Controller test_accesscodelogin.php os command injection

A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accesscodelogin.php. The manipulation of the argument Password leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Wifi-soft
Product-UniBox Controller
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-7154
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-5.71% / 90.51%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 00:32
Updated-16 Jul, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection

A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-n200ren200re_firmwareN200RE
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-43959
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.99% / 92.17%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 00:00
Updated-16 Sep, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.

Action-Not Available
Vendor-n/aYealink Network Technology Co., Ltd
Product-sip-t19p-e2sip-t19p-e2_firmwaren/asip-t19p-e2_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-57457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.70%
||
7 Day CHG-0.01%
Published-08 Oct, 2025 | 00:00
Updated-08 Oct, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" parameter.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56107
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Dec, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr600wrg-bcr600w_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56102
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew1800gx_firmwarerg-ew1800gxrg-ew300r_firmwarerg-ew300rn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.21%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Jan, 2026 | 22:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew300_prorg-ew300_pro_firmwarerg-eap602_firmwarerg-est310_firmwarerg-est310x30_pro_firmwarerg-est350rg-eap602x30_prorg-est350_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56082
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.57%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Dec, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr600wrg-bcr600w_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56092
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-29 Jan, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew300t_firmwarex30_pro_firmwarerg-ew300tx30_pron/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56114
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.81% / 74.44%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-07 Jan, 2026 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew1300gm18-ew_firmwarem18-ewrg-ew1300g_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.95%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew1200rm18-ew_firmwarem18-ewrg-ew1200r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.62%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew1800gx_firmwarerg-ew1800gxrg-ew300r_firmwarerg-ew300rn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Dec, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-reyee_osrg-eap162\(g\)rg-rap2200\(e\)rg-rap2200\(e\)_firmwarerg-rap1260n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56090
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.62%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew1200g_pro_firmwarerg-ew1200rrg-ew1200g_prorg-ew1200r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56084
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.30%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-11 Feb, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-eap602_firmwarerg-est310_v2_firmwarerg-ew300_proreyee_osrg-est350_v2rg-eap602rg-yst250f_firmwarerg-est310_v2rg-yst250fn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56087
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.30%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Dec, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr600wrg-bcr600w_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56109
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.97% / 76.81%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Jan, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_wireless in file /usr/lib/lua/luci/control/admin/wireless.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr860_firmwarerg-bcr860n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56093
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 66.26%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew300_prorg-ew300_pro_firmwarerg-eap602_firmwarex30_pro_firmwarerg-eap602x30_pron/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56127
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.52% / 81.44%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-18 Dec, 2025 | 02:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the get_wanobj in file /usr/lib/lua/luci/controller/admin/common.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr600w_firmwarerg-bcr600wn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-5571
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-3.59% / 87.89%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 05:31
Updated-15 Jul, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-932L setSystemAdmin os command injection

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-932ldcs-932l_firmwareDCS-932L
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56096
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 38.86%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Dec, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr600wrg-bcr600w_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.52% / 81.44%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-07 Jan, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controller/admin/netport.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr860rg-bcr860_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56106
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.62%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Jan, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-est350rg-ew1800gxrg-est350_firmwarerg-ew1800gx_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56110
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.97% / 76.81%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Jan, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_deal_update in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr860_firmwarerg-bcr860n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56083
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.57%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-11 Feb, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_networkId_merge.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-eap602_firmwarerg-est310_v2_firmwarerg-ew300_proreyee_osrg-est350_v2rg-eap602rg-yst250f_firmwarerg-est310_v2rg-yst250fn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56095
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.62%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew1200g_pro_firmwarerg-eap602_firmwarerg-ew1200g_prorg-eap602n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56079
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Dec, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-be50_firmwarerg-ew1300g_firmwarebe50rg-ew1300gn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56099
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 38.86%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-11 Feb, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-YST AP_3.0(1)B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-eap602_firmwarerg-est310_v2_firmwarerg-ew300_proreyee_osrg-est350_v2rg-eap602rg-yst250f_firmwarerg-est310_v2rg-yst250fn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56088
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.05%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Jan, 2026 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr860_firmwarerg-bcr860n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-55211
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 19.34%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 21:00
Updated-13 Feb, 2026 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreePBX Post-Authenticated Command Injection

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.

Action-Not Available
Vendor-Sangoma Technologies Corp.FreePBX
Product-freepbxframework
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56098
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew300_prox30_prorg-ew300_pro_firmwarex30_pro_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.96% / 76.66%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-31 Dec, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-nbs5100-24gt4sfp_firmwarerg-s1930_firmwarerg-s1930rg-nbs5100-24gt4sfpn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56086
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Dec, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-x60_firmwarerg-ew1200rg-ew1200_firmwarerg-x60n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56094
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.05%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew300_prox30_prorg-ew300_pro_firmwarex30_pro_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56085
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-26 Dec, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew1200rg-ew300_prorg-ew1200_firmwarerg-ew300_pro_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56097
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew300n_firmwarerg-ew1800gx_pro_firmwarerg-ew1800gx_prorg-ew300nn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.81% / 74.44%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew1200g_pro_firmwarerg-ew1300g_firmwarerg-ew1200g_prorg-ew1300gn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56120
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-23 Dec, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew1200_firmwarerg-x60_pro_firmwarerg-ew1200rg-x60_pron/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-43068
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.87%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 17:16
Updated-19 Sep, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_storage_softwareDell SmartFabric Storage Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.27% / 79.75%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-15 Dec, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-bcr860_firmwarerg-bcr860n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56122
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-23 Dec, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew300n_firmwarerg-ew1800gxrg-ew1800gx_pro_firmwarerg-ew1800gx_prorg-ew300nrg-ew1800gx_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56089
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-27 Jan, 2026 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew300g_prom18-ew_firmwarerg-ew300g_pro_firmwarem18-ewn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-56118
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.63%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 00:00
Updated-23 Dec, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Action-Not Available
Vendor-n/aRuijie Networks Co., Ltd.
Product-rg-ew3200gxrg-ew3200gx_firmwarerg-x60_pro_firmwarerg-x60_pron/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6898
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.15% / 78.72%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 08:02
Updated-14 Jul, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-7300G+ in proxy_client.asp os command injection

A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-di-7300g\+_firmwaredi-7300g\+DI-7300G+
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-53949
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7||HIGH
EPSS-0.19% / 40.53%
||
7 Day CHG+0.05%
Published-09 Dec, 2025 | 17:19
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortiSandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-4249
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.54% / 67.76%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:51
Updated-16 Jan, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zavio IP Camera Stack-Based Buffer Overflow

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network requests.

Action-Not Available
Vendor-zavioZavio
Product-cf7201cf7300cb5220cf7501cf7500_firmwarecb3211_firmwarecf7300_firmwarecb3212cf7501_firmwareb8220_firmwarecb3212_firmwarecb6231_firmwareb8520cb5220_firmwarecb6231b8220cd321b8520_firmwarecb3211cf7201_firmwarecf7500cd321_firmwareIP Camera B8220IP Camera CB3212IP Camera CB5220IP Camera CD321IP Camera CB3211IP Camera CF7300IP Camera CB6231IP Camera CF7201IP Camera CF7500IP Camera CF7501IP Camera B8520
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • ...
  • 11
  • 12
  • 13
  • ...
  • 21
  • 22
  • Next
Details not found