Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-29120

Summary
Assigner-ASRG
Assigner Org ID-c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At-05 Nov, 2024 | 15:22
Updated At-05 Nov, 2024 | 19:00
Rejected At-
Credits

Unauthorized Remote Command Execution in Enel X Juicebox

Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ASRG
Assigner Org ID:c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At:05 Nov, 2024 | 15:22
Updated At:05 Nov, 2024 | 19:00
Rejected At:
▼CVE Numbering Authority (CNA)
Unauthorized Remote Command Execution in Enel X Juicebox

Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.

Affected Products
Vendor
Enel X
Product
JuiceBox Pro 3.0 22kW Cellular
Modules
  • Web Manager interface
Default Status
unaffected
Versions
Affected
  • From 0 through 2.1.1.0_JB3VU096A (custom)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.19.6CRITICAL
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-88CAPEC-88 OS Command Injection
CAPEC ID: CAPEC-88
Description: CAPEC-88 OS Command Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Danila Parnishchev (PCAutomotive)
finder
Anna Breeva (PCAutomotive)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
N/A
Hyperlink: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
enel_x
Product
juicebox_pro3.0_22kw_cellular
CPEs
  • cpe:2.3:a:enel_x:juicebox_pro3.0_22kw_cellular:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 through 2.1.1.0_JB3VU096A (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@asrg.io
Published At:05 Nov, 2024 | 16:15
Updated At:08 Nov, 2024 | 16:09

Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.6CRITICAL
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CPE Matches
enelx
enelx
>>waybox_pro_firmware>>Versions before 2.1.1.0_jb3vu096a(exclusive)
cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*
enelx
enelx
>>waybox_pro>>3.0
cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondarycve@asrg.io
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: cve@asrg.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdfcve@asrg.io
Vendor Advisory
Hyperlink: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
Source: cve@asrg.io
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

132Records found
CVE-2020-10882
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-45.82% / 97.54%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:15
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-ac1750ac1750_firmwareArcher A7
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-21126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:51
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-21130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 70.98%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:35
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-27004
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-31.35% / 96.61%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 21:56
Updated-12 Sep, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarex5000r_firmwarex5000ra7000rn/aa7000r_firmwarex5000r_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-27005
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-46.71% / 97.58%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 21:56
Updated-12 Sep, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarex5000r_firmwarex5000ra7000rn/aa7000r_firmwarex5000r_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-26670
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-5.77% / 90.12%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:22
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-878 - Command Injection

D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-878dir-878_firmwareDIR-878
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-25597
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.25%
||
7 Day CHG+0.01%
Published-07 Apr, 2022 | 18:22
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS RT-AC86U - Command Injection

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-rt-ac86u_firmwarert-ac86uRT-AC86U
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20142
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-7.77% / 91.58%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 15:23
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

Action-Not Available
Vendor-gryphonconnectn/a
Product-gryphon_tower_firmwaregryphon_towerGryphon Tower router
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50216
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.82% / 82.12%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability

D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21810.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-22986
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.35%
||
7 Day CHG~0.00%
Published-31 Mar, 2022 | 07:20
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.

Action-Not Available
Vendor-ntt-eastNIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION (NTT East) and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION (NTT West)
Product-og810xa_firmwareog410xi_firmwareog810xaog810xiog410xa_firmwareog810xi_firmwareog410xiog410xaNetcommunity OG410X and OG810X series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-1602
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 08:40
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process.

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OSJunos OS Evolved
CWE ID-CWE-416
Use After Free
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-1605
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.81%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 08:40
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device.

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OSJunos OS Evolved
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-44403
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.73% / 81.70%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:13
Updated-12 Mar, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18822.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-1609
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.60%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 08:40
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv6 packets and arbitrarily execute commands on the target device.

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OSJunos OS Evolved
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-25757
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.52% / 65.78%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 19:27
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsr-500_firmwaredsr-1000_firmwaredsr-500dsr-500n_firmwaredsr-150dsr-250ndsr-150ndsr-250n_firmwaredsr-1000n_firmwaredsr-250dsr-150n_firmwaredsr-500acdsr-1000ac_firmwaredsr-150_firmwaredsr-1000dsr-1000acdsr-500ac_firmwaredsr-500ndsr-250_firmwaredsr-1000nn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41191
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.08%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18811.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-38568
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.61%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 09:23
Updated-26 Sep, 2024 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-archer_a10archer_a10_firmwareArcher A10archer_a10_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-53939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.78% / 85.48%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 00:00
Updated-03 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on the device (with root-level permissions) via crafted input.

Action-Not Available
Vendor-n/avicture
Product-n/arx1800_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-35723
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.66% / 70.22%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-15 May, 2025 | 12:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Execution Vulnerability

D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction request header provided to the prog.cgi endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20983.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-x3260_firmwaredir-x3260DIR-X3260dir-x3260
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-51023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.34% / 55.62%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 00:00
Updated-07 May, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823g_firmwaredir-823gn/adir_823g_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-50852
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.98% / 91.72%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 00:00
Updated-21 Nov, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-g3g3_firmwaren/ag3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-34139
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.33%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 17:36
Updated-29 Oct, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_50w_firmwarezywall_vpn_300zywall_vpn_50_firmwarezywall_vpn_50usg_flex_200usg_flex_500_firmwareusg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwarezywall_vpn300_firmwareusg_flex_100_firmwareusg_flex_200_firmwareusg_2200-vpnusg_flex_50wzywall_vpn50usg_flex_50_firmwarezywall_vpn300zywall_vpn100_firmwarezywall_vpn_300_firmwarezywall_vpn100usg_flex_700_firmwarezywall_vpn_100zywall_vpn2susg_flex_700zywall_vpn2s_firmwareusg_flex_100wzywall_vpn50_firmwareusg_flex_500usg_flex_50zywall_vpn_100_firmwareUSG FLEX series firmwareVPN series firmwarevpn_firmwareusg_flex_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-33012
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-5.08% / 89.39%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 17:23
Updated-05 Mar, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn_300zywall_atp700zywall_atp700_firmwarezywall_vpn_50_firmwarezywall_atp800zywall_vpn_50usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwarezywall_vpn300_firmwareusg_flex_200_firmwareusg_2200-vpnzywall_atp200zywall_vpn50zywall_vpn100_firmwarezywall_vpn100usg_flex_700zywall_atp100w_firmwareusg_flex_100wzywall_atp800_firmwareusg_flex_50w_firmwarezywall_atp200_firmwareusg_20w-vpnzywall_atp500usg_20w-vpn_firmwarezywall_atp100usg_flex_100_firmwarezywall_atp100wzywall_atp500_firmwareusg_flex_50wusg_flex_50_firmwarezywall_vpn300zywall_vpn_300_firmwareusg_flex_700_firmwarezywall_vpn_100zywall_vpn2szywall_vpn2s_firmwarezywall_vpn50_firmwareusg_flex_500usg_flex_50zywall_vpn_100_firmwareUSG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-53940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.39% / 79.61%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 00:00
Updated-03 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling arbitrary command execution with root-level permissions on the device.

Action-Not Available
Vendor-n/avicture
Product-n/arx1800_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-48826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-3.14% / 86.34%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 00:00
Updated-17 Mar, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac7ac7_firmwaren/aac7_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-27256
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.15%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 20:00
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-br500_firmwarerbk12rbk43sbr500ex6150v2_firmwarer8900_firmwarerbr40_firmwarerbk23_firmwarerbk14_firmwarerbk15_firmwareex6410ex6420_firmwareex7300v2_firmwarebr200_firmwareex6250_firmwarerbk53_firmwarexr500_firmwarexr700_firmwarerbk15xr450_firmwareex7300rbk12_firmwarerbs40rbs50y_firmwarer8900rbs40_firmwarer9000_firmwarerbr10rbs10_firmwarerbk43_firmwareex6410_firmwarerbs20rbs50_firmwarerbs50yr9000ex6400v2ex6100v2ex7700_firmwarer7800rbk23rbs10r7800_firmwareex6100v2_firmwarerbk20_firmwarexr450xr700ex6400rbk43s_firmwarerbk20ex6400_firmwarerbk14ex7300_firmwarerbk44_firmwarerbs20_firmwarebr200d7800rbk44ex6150v2ex8000rbk40ex7320_firmwarerbr20rbk40_firmwarerbk13xr500ex6400v2_firmwareex6420ex7300v2d7800_firmwarerbk43ex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbr50_firmwarerbr50ex7700rbk13_firmwarelbr20rbr20_firmwareex7320rbk50rbk53lbr20_firmwarerbk50_firmwareR7800
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20731
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.01%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 01:05
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors.

Action-Not Available
Vendor-BUFFALO INC.
Product-wsr-1166dhp3_firmwarewsr-1166dhp4wsr-1166dhp3wsr-1166dhp4_firmwareWSR-1166DHP3 and WSR-1166DHP4
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20140
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-7.77% / 91.58%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 15:22
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

Action-Not Available
Vendor-gryphonconnectn/a
Product-gryphon_tower_firmwaregryphon_towerGryphon Tower router
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20139
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-7.77% / 91.58%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 15:24
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

Action-Not Available
Vendor-gryphonconnectn/a
Product-gryphon_tower_firmwaregryphon_towerGryphon Tower router
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20141
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-7.77% / 91.58%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 15:23
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

Action-Not Available
Vendor-gryphonconnectn/a
Product-gryphon_tower_firmwaregryphon_towerGryphon Tower router
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20138
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-8.18% / 91.83%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 15:24
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the web interface.

Action-Not Available
Vendor-gryphonconnectn/a
Product-gryphon_tower_firmwaregryphon_towerGryphon Tower router
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-33343
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.87% / 91.65%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 00:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-n/adir-822_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found