Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-34420

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-26 Jun, 2023 | 19:45
Updated At-04 Dec, 2024 | 14:33
Rejected At-
Credits

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:26 Jun, 2023 | 19:45
Updated At:04 Dec, 2024 | 14:33
Rejected At:
▼CVE Numbering Authority (CNA)

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
Lenovo XClarity Administrator
Default Status
unaffected
Versions
Affected
  • Versions prior to 4.0
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update LXCA to version 4.0 or later.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-98715
N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-98715
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-98715
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-98715
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:26 Jun, 2023 | 20:15
Updated At:06 Jul, 2023 | 18:19

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Lenovo Group Limited
lenovo
>>xclarity_administrator>>Versions before 4.0.0(exclusive)
cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondarypsirt@lenovo.com
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/product_security/LEN-98715psirt@lenovo.com
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-98715
Source: psirt@lenovo.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

552Records found
CVE-2021-3617
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.32% / 79.07%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 16:25
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.

Action-Not Available
Vendor-Lenovo Group Limited
Product-smart_camera_x5_firmwaresmart_camera_x5smart_camera_x3_firmwaresmart_camera_x3smart_camera_c2esmart_camera_c2e_firmwareSmart Camera X3, X5, and C2E firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-38510
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.18% / 77.89%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 19:45
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

Action-Not Available
Vendor-Lenovo Group Limited
Product-XClarity Controllerthinksystem_sr670_firmwarethinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinksystem_sr675_v3_firmwarethinksystem_sr850_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx2330_firmwarethinksystem_sd665_v3_firmwarethinksystem_sr665_v3_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3530-h_firmwarethinksystem_sr850_v3_firmwarethinksystem_st250_v2_firmwarethinkagile_vx1320_firmwarethinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_mx3331-h_firmwarethinkagile_hx7530_firmwarethinksystem_sr645_v3_firmwarethinkagile_mx3531-f_firmwarethinkagile_vx7530_firmwarethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinksystem_sr860_v3_firmwarethinkagile_vx5520_firmwarethinkagile_hx_enclosure_certified_node_firmwarethinksystem_st550_firmwarethinkagile_hx1521-r_firmwarethinkagile_mx1020_firmwarethinkagile_hx7520_firmwarethinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinksystem_sr150_firmwarethinkagile_hx7820_firmwarethinkagile_vx7320_n_firmwarethinksystem_sn850_firmwarethinkagile_hx1021_edg_firmwarethinkstation_p920_workstation_firmwarethinkagile_hx3720_firmwarethinkagile_hx7521_firmwarethinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinksystem_st250_firmwarethinksystem_sd650_dual_node_tray_firmwarethinkagile_hx5530_firmwarethinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinkagile_hx3330_firmwarethinksystem_sd530_firmwarethinksystem_st658_v3_firmwarethinksystem_sr670_v2_firmwarethinkagile_hx3321_firmwarethinksystem_sr630_v3_firmwarethinkagile_hx5521-c_firmwarethinkagile_mx3331-f_firmwarethinksystem_sr655_v3_firmwarethinkagile_hx2320-e_firmwarethinksystem_sn550_firmwarethinkagile_hx3331thinksystem_sr250_firmwarethinksystem_sr258_firmwarethinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_vx3720_firmwarethinkagile_hx1520-r_firmwarethinksystem_sr630_firmwarethinkagile_hx2321_firmwarethinkagile_vx7520_n_firmwarethinkagile_hx3721_firmwarethinksystem_sr860_v2_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr550_firmwarethinksystem_sr850p_firmwarethinksystem_sr635_firmwarethinkagile_hx1321_firmwarethinkagile_hx1320_firmwarethinkagile_hx7531_firmwarethinksystem_sd650_v3_firmwarethinksystem_sr258_v2_firmwarethinkagile_vx3331_firmwarethinkagile_hx3320_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_hx2331_firmwarethinkagile_vx2330_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinksystem_st258_v2_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_st258_firmwarethinksystem_st650_v3_firmwarethinkagile_hx3376_firmwarethinkagile_hx5531_firmwarethinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinksystem_sr850_firmwarethinkagile_hx7821_firmwarethinkagile_vx5530_firmwarethinkagile_vx3330_firmwarethinksystem_sr590_firmwarethinksystem_st658_v2_firmwarethinksystem_sr645_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-38508
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.63% / 81.16%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 19:44
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.

Action-Not Available
Vendor-Lenovo Group Limited
Product-XClarity Controllerthinksystem_sr670_firmwarethinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinksystem_sr675_v3_firmwarethinksystem_sr850_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx2330_firmwarethinksystem_sd665_v3_firmwarethinksystem_sr665_v3_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3530-h_firmwarethinksystem_sr850_v3_firmwarethinksystem_st250_v2_firmwarethinkagile_vx1320_firmwarethinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_mx3331-h_firmwarethinkagile_hx7530_firmwarethinksystem_sr645_v3_firmwarethinkagile_mx3531-f_firmwarethinkagile_vx7530_firmwarethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinksystem_sr860_v3_firmwarethinkagile_vx5520_firmwarethinkagile_hx_enclosure_certified_node_firmwarethinksystem_st550_firmwarethinkagile_hx1521-r_firmwarethinkagile_mx1020_firmwarethinkagile_hx7520_firmwarethinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinksystem_sr150_firmwarethinkagile_hx7820_firmwarethinkagile_vx7320_n_firmwarethinksystem_sn850_firmwarethinkagile_hx1021_edg_firmwarethinkstation_p920_workstation_firmwarethinkagile_hx3720_firmwarethinkagile_hx7521_firmwarethinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinksystem_st250_firmwarethinksystem_sd650_dual_node_tray_firmwarethinkagile_hx5530_firmwarethinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinkagile_hx3330_firmwarethinksystem_sd530_firmwarethinksystem_st658_v3_firmwarethinksystem_sr670_v2_firmwarethinkagile_hx3321_firmwarethinksystem_sr630_v3_firmwarethinkagile_hx5521-c_firmwarethinkagile_mx3331-f_firmwarethinksystem_sr655_v3_firmwarethinkagile_hx2320-e_firmwarethinksystem_sn550_firmwarethinkagile_hx3331thinksystem_sr250_firmwarethinksystem_sr258_firmwarethinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_vx3720_firmwarethinkagile_hx1520-r_firmwarethinksystem_sr630_firmwarethinkagile_hx2321_firmwarethinkagile_vx7520_n_firmwarethinkagile_hx3721_firmwarethinksystem_sr860_v2_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr550_firmwarethinksystem_sr850p_firmwarethinksystem_sr635_firmwarethinkagile_hx1321_firmwarethinkagile_hx1320_firmwarethinkagile_hx7531_firmwarethinksystem_sd650_v3_firmwarethinksystem_sr258_v2_firmwarethinkagile_vx3331_firmwarethinkagile_hx3320_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_hx2331_firmwarethinkagile_vx2330_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinksystem_st258_v2_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_st258_firmwarethinksystem_st650_v3_firmwarethinkagile_hx3376_firmwarethinkagile_hx5531_firmwarethinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinksystem_sr850_firmwarethinkagile_hx7821_firmwarethinkagile_vx5530_firmwarethinkagile_vx3330_firmwarethinksystem_sr590_firmwarethinksystem_st658_v2_firmwarethinksystem_sr645_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-38512
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.63% / 81.16%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 19:45
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

Action-Not Available
Vendor-Lenovo Group Limited
Product-XClarity Controllerthinksystem_sr670_firmwarethinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinksystem_sr675_v3_firmwarethinksystem_sr850_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx2330_firmwarethinksystem_sd665_v3_firmwarethinksystem_sr665_v3_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3530-h_firmwarethinksystem_sr850_v3_firmwarethinksystem_st250_v2_firmwarethinkagile_vx1320_firmwarethinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_mx3331-h_firmwarethinkagile_hx7530_firmwarethinksystem_sr645_v3_firmwarethinkagile_mx3531-f_firmwarethinkagile_vx7530_firmwarethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinksystem_sr860_v3_firmwarethinkagile_vx5520_firmwarethinkagile_hx_enclosure_certified_node_firmwarethinksystem_st550_firmwarethinkagile_hx1521-r_firmwarethinkagile_mx1020_firmwarethinkagile_hx7520_firmwarethinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinksystem_sr150_firmwarethinkagile_hx7820_firmwarethinkagile_vx7320_n_firmwarethinksystem_sn850_firmwarethinkagile_hx1021_edg_firmwarethinkstation_p920_workstation_firmwarethinkagile_hx3720_firmwarethinkagile_hx7521_firmwarethinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinksystem_st250_firmwarethinksystem_sd650_dual_node_tray_firmwarethinkagile_hx5530_firmwarethinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinkagile_hx3330_firmwarethinksystem_sd530_firmwarethinksystem_st658_v3_firmwarethinksystem_sr670_v2_firmwarethinkagile_hx3321_firmwarethinksystem_sr630_v3_firmwarethinkagile_hx5521-c_firmwarethinkagile_mx3331-f_firmwarethinksystem_sr655_v3_firmwarethinkagile_hx2320-e_firmwarethinksystem_sn550_firmwarethinkagile_hx3331thinksystem_sr250_firmwarethinksystem_sr258_firmwarethinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_vx3720_firmwarethinkagile_hx1520-r_firmwarethinksystem_sr630_firmwarethinkagile_hx2321_firmwarethinkagile_vx7520_n_firmwarethinkagile_hx3721_firmwarethinksystem_sr860_v2_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr550_firmwarethinksystem_sr850p_firmwarethinksystem_sr635_firmwarethinkagile_hx1321_firmwarethinkagile_hx1320_firmwarethinkagile_hx7531_firmwarethinksystem_sd650_v3_firmwarethinksystem_sr258_v2_firmwarethinkagile_vx3331_firmwarethinkagile_hx3320_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_hx2331_firmwarethinkagile_vx2330_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinksystem_st258_v2_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_st258_firmwarethinksystem_st650_v3_firmwarethinkagile_hx3376_firmwarethinkagile_hx5531_firmwarethinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinksystem_sr850_firmwarethinkagile_hx7821_firmwarethinkagile_vx5530_firmwarethinkagile_vx3330_firmwarethinksystem_sr590_firmwarethinksystem_st658_v2_firmwarethinksystem_sr645_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-38511
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.18% / 77.89%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 19:45
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

Action-Not Available
Vendor-Lenovo Group Limited
Product-XClarity Controllerthinksystem_sr670_firmwarethinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinksystem_sr675_v3_firmwarethinksystem_sr850_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx2330_firmwarethinksystem_sd665_v3_firmwarethinksystem_sr665_v3_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3530-h_firmwarethinksystem_sr850_v3_firmwarethinksystem_st250_v2_firmwarethinkagile_vx1320_firmwarethinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_mx3331-h_firmwarethinkagile_hx7530_firmwarethinksystem_sr645_v3_firmwarethinkagile_mx3531-f_firmwarethinkagile_vx7530_firmwarethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinksystem_sr860_v3_firmwarethinkagile_vx5520_firmwarethinkagile_hx_enclosure_certified_node_firmwarethinksystem_st550_firmwarethinkagile_hx1521-r_firmwarethinkagile_mx1020_firmwarethinkagile_hx7520_firmwarethinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinksystem_sr150_firmwarethinkagile_hx7820_firmwarethinkagile_vx7320_n_firmwarethinksystem_sn850_firmwarethinkagile_hx1021_edg_firmwarethinkstation_p920_workstation_firmwarethinkagile_hx3720_firmwarethinkagile_hx7521_firmwarethinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinksystem_st250_firmwarethinksystem_sd650_dual_node_tray_firmwarethinkagile_hx5530_firmwarethinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinkagile_hx3330_firmwarethinksystem_sd530_firmwarethinksystem_st658_v3_firmwarethinksystem_sr670_v2_firmwarethinkagile_hx3321_firmwarethinksystem_sr630_v3_firmwarethinkagile_hx5521-c_firmwarethinkagile_mx3331-f_firmwarethinksystem_sr655_v3_firmwarethinkagile_hx2320-e_firmwarethinksystem_sn550_firmwarethinkagile_hx3331thinksystem_sr250_firmwarethinksystem_sr258_firmwarethinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_vx3720_firmwarethinkagile_hx1520-r_firmwarethinksystem_sr630_firmwarethinkagile_hx2321_firmwarethinkagile_vx7520_n_firmwarethinkagile_hx3721_firmwarethinksystem_sr860_v2_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr550_firmwarethinksystem_sr850p_firmwarethinksystem_sr635_firmwarethinkagile_hx1321_firmwarethinkagile_hx1320_firmwarethinkagile_hx7531_firmwarethinksystem_sd650_v3_firmwarethinksystem_sr258_v2_firmwarethinkagile_vx3331_firmwarethinkagile_hx3320_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_hx2331_firmwarethinkagile_vx2330_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinksystem_st258_v2_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_st258_firmwarethinksystem_st650_v3_firmwarethinkagile_hx3376_firmwarethinkagile_hx5531_firmwarethinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinksystem_sr850_firmwarethinkagile_hx7821_firmwarethinkagile_vx5530_firmwarethinkagile_vx3330_firmwarethinksystem_sr590_firmwarethinksystem_st658_v2_firmwarethinksystem_sr645_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-2659
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-0.32% / 54.11%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 18:00
Updated-27 Aug, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.

Action-Not Available
Vendor-Lenovo Group Limited
Product-SMM, SMM2, FPCsystem_management_module_firmwarefan_power_controller
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-4855
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.58%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 17:58
Updated-02 Aug, 2024 | 07:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI.

Action-Not Available
Vendor-Lenovo Group Limited
Product-SMM, SMM2, FPCsystem_management_module_firmwarefan_power_controller
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8279
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.18% / 77.89%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 17:27
Updated-14 Sep, 2024 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

Action-Not Available
Vendor-Lenovo Group Limited
Product-VX7531 Certified Node (ThinkAgile) XCCHX7820 Appliance (ThinkAgile) XCCSR250 V2 (ThinkSystem) XCCVX5530 Appliance (ThinkAgile) XCCHX2331 Certified Node (ThinkAgile) XCCSR650 (ThinkSystem) XCCVX3530-G Appliance (ThinkAgile) XCCHX5531 Certified Node (ThinkAgile) XCCHX5530 Appliance (ThinkAgile) XCCVX7320 N (ThinkAgile) XCCHX1321 Certified Node (ThinkAgile) XCCVX635 V3 Integrated System (ThinkAgile) XCCVX7330 Appliance (Thinkagile) XCCST250 V3 (ThinkSystem) XCCSR258 V2 (ThinkSystem) XCCSE455 V3 (ThinkEdge) XCCSR150 (ThinkSystem) XCCHX Enclosure Certified Node (ThinkAgile) XCCSR630 V3 (ThinkSystem) XCCSR665 V3 (ThinkSystem) XCCVX 1SE Certified Node (ThinkAgile) XCCSE360 V2 (ThinkEdge) XCCHX7530 Appl for SAP HANA (ThinkAgile) XCCSR250 V3 (ThinkSystem) XCCSD650-N V2 (ThinkSystem) XCCHX1521-R Certified Node (ThinkAgile) XCCSR650 V3 (ThinkSystem) XCCSR860 V3 (ThinkSystem) XCCVX3320 (ThinkAgile) XCCHX5520-C Appliance (ThinkAgile) XCCSN850 (ThinkSystem) XCCSR655 V3 (ThinkSystem) XCCSR850P (ThinkSystem) XCCSD665 V3 (ThinkSystem) XCCST550 (ThinkSystem) XCCHX5521 Certified Node (ThinkAgile) XCCST250 V2 (ThinkSystem) XCCSR570 (ThinkSystem) XCCHX3331 Node SAP HANA (ThinkAgile) XCCSR630 V2 (ThinkSystem) XCCHX3330 Appliance (ThinkAgile) XCCHX3376 Certified Node (ThinkAgile) XCCSD550 V3 (ThinkSystem) XCCSR850 V2 (ThinkSystem) XCCST258 V2 (ThinkSystem) XCCSR850 (ThinkSystem) XCCSR675 V3 (ThinkSystem) XCCMX3331-F All-flash Certified node (ThinkAgile) XCCHX7531 Certified Node (ThinkAgile) XCCVX 2U4N Certified Node (ThinkAgile) XCCVX645 V3 Certified Node (ThinkAgile) XCCSR258 V3 (ThinkSystem) XCCHX1021 Edge Certified Node 3yr (ThinkAgile) XCCSR650 V2 (ThinkSystem) XCCVX3520-G (ThinkAgile) XCCVX7820 (ThinkAgile) XCCHX7530 Appliance (ThinkAgile) XCCST250 (ThinkSystem) XCCSE450 (ThinkEdge) XCCSD650 V3 (ThinkSystem) XCCSD650 DWC Dual Node Tray (ThinkSystem) XCCP920 Rack Workstation (ThinkStation) XCCVX5520 (ThinkAgile) XCCSN550 (ThinkSystem) XCCSR645 V3 (ThinkSystem) XCCVX655 V3 Integrated System (ThinkAgile) XCCMX3330-H Hybrid Appliance (ThinkAgile) XCCHX3321 Certified Node (ThinkAgile) XCCHX5520 Appliance (ThinkAgile) XCCHX7531 Node SAP HANA (ThinkAgile) XCCVX645 V3 Integrated System (ThinkAgile) XCCHX5521-C Certified Node (ThinkAgile) XCCSR860 (ThinkSystem) XCCSE350 V2 (ThinkEdge) XCCVX665 V3 Certified Node (ThinkAgile) XCCSR665 (ThinkSystem) XCCVX655 V3 Certified Node (ThinkAgile) XCCST658 V3 (ThinkSystem) XCCHX1320 Appliance (ThinkAgile) XCCVX2320 (ThinkAgile) XCCMX3530 F All flash Appliance (ThinkAgile) XCCST258 (ThinkSystem) XCCSE350 (ThinkSystem) XCCST658 V2 (ThinkSystem) XCCSR530 (ThinkSystem) XCCHX7520 Appliance (ThinkAgile) XCCSD530 V3 (ThinkSystem) XCCVX3330 Appliance (ThinkAgile) XCCSR670 V2 (ThinkSystem) XCCSR860 V2 (ThinkSystem) XCCHX2720-E Appliance (ThinkAgile) XCCHX2330 Appliance (ThinkAgile) XCCMX Edge Appliance - MX1020 (ThinkAgile) XCCSD650 V2 (ThinkSystem) XCCSR850 V3 (ThinkSystem) XCCHX3375 Appliance (ThinkAgile) XCCST650 V2 (ThinkSystem) XCCST258 V3 (ThinkSystem) XCCSR670 (ThinkSystem) XCCHX1331 Certified Node (ThinkAgile) XCCVX2330 Appliance (ThinkAgile) XCCVX3720 (ThinkAgile) XCCSR158 (ThinkSystem) XCCHX3331 Certified Node (ThinkAgile) XCCSD530 (ThinkSystem) XCCMX3330-F All-flash Appliance (ThinkAgile) XCCHX1520-R Appliance (ThinkAgile) XCCSR950 V3 (ThinkSystem) XCCHX3320 Appliance (ThinkAgile) XCCSR550 (ThinkSystem) XCCSR950 (ThinkSystem) XCCSR635 V3 (ThinkSystem) XCCThinkAgile MX1021 on SE350 XCCSR250 (ThinkSystem) XCCVX665 V3 Integrated System (ThinkAgile) XCCHX2321 Certified Node (ThinkAgile) XCCHX3521-G Certified Node (ThinkAgile) XCCHX3520-G Appliance (ThinkAgile) XCCHX3720 Appliance (ThinkAgile) XCCHX3721 Certified Node (ThinkAgile) XCCVX 4U Certified Node (ThinkAgile) XCCSN550 V2 (ThinkSystem) XCCHX7521 Certified Node (ThinkAgile) XCCSR645 (ThinkSystem) XCCST650 V3 (ThinkSystem) XCCMX3331-H Hybrid Certified node (ThinkAgile) XCCMX3530-H Hybrid Appliance (ThinkAgile) XCCVX3331 Certified Node (ThinkAgile) XCCMX3531 H Hybrid Certified node (ThinkAgile) XCCSR590 (ThinkSystem) XCCHX2320-E Appliance (ThinkAgile) XCCVX1320 (ThinkAgile) XCCVX7530 Appliance (ThinkAgile) XCCMX3531-F All-flash Certified node (ThinkAgile) XCCVX7520 (ThinkAgile) XCCHX7821 Certified Node (ThinkAgile) XCCVX7520 N (ThinkAgile) XCCSR258 (ThinkSystem) XCCSR630 (ThinkSystem) XCCSD630 V2 (ThinkSystem) XCCthinkedge_se455_v3_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx1320_firmwarethinksystem_sr630_v3_firmwarethinksystem_sd530_v3_firmwarethinkagile_hx7820_firmwarethinksystem_sr635_v3_firmwarethinkedge_se350_v2_firmwarethinkagile_hx1021_edge_certified_node_3yr_firmwarethinksystem_sr850_v3_firmwarethinksystem_sr950_v3_firmwarethinkedge_se450__firmwarethinkagile_hx7530_firmwarethinksystem_st250_v3_firmwarethinksystem_st650_v3_firmwarethinkagile_hx_enclosure_certified_node_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8278
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.44% / 79.89%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 17:27
Updated-14 Sep, 2024 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

Action-Not Available
Vendor-Lenovo Group Limited
Product-VX7531 Certified Node (ThinkAgile) XCCHX7820 Appliance (ThinkAgile) XCCSR250 V2 (ThinkSystem) XCCVX5530 Appliance (ThinkAgile) XCCHX2331 Certified Node (ThinkAgile) XCCSR650 (ThinkSystem) XCCVX3530-G Appliance (ThinkAgile) XCCHX5531 Certified Node (ThinkAgile) XCCHX5530 Appliance (ThinkAgile) XCCVX7320 N (ThinkAgile) XCCHX1321 Certified Node (ThinkAgile) XCCVX635 V3 Integrated System (ThinkAgile) XCCVX7330 Appliance (Thinkagile) XCCST250 V3 (ThinkSystem) XCCSR258 V2 (ThinkSystem) XCCSE455 V3 (ThinkEdge) XCCSR150 (ThinkSystem) XCCHX Enclosure Certified Node (ThinkAgile) XCCSR630 V3 (ThinkSystem) XCCSR665 V3 (ThinkSystem) XCCVX 1SE Certified Node (ThinkAgile) XCCSE360 V2 (ThinkEdge) XCCHX7530 Appl for SAP HANA (ThinkAgile) XCCSR250 V3 (ThinkSystem) XCCSD650-N V2 (ThinkSystem) XCCHX1521-R Certified Node (ThinkAgile) XCCSR650 V3 (ThinkSystem) XCCSR860 V3 (ThinkSystem) XCCVX3320 (ThinkAgile) XCCHX5520-C Appliance (ThinkAgile) XCCSN850 (ThinkSystem) XCCSR655 V3 (ThinkSystem) XCCSR850P (ThinkSystem) XCCSD665 V3 (ThinkSystem) XCCST550 (ThinkSystem) XCCHX5521 Certified Node (ThinkAgile) XCCST250 V2 (ThinkSystem) XCCSR570 (ThinkSystem) XCCHX3331 Node SAP HANA (ThinkAgile) XCCSR630 V2 (ThinkSystem) XCCHX3330 Appliance (ThinkAgile) XCCHX3376 Certified Node (ThinkAgile) XCCSD550 V3 (ThinkSystem) XCCSR850 V2 (ThinkSystem) XCCST258 V2 (ThinkSystem) XCCSR850 (ThinkSystem) XCCSR675 V3 (ThinkSystem) XCCMX3331-F All-flash Certified node (ThinkAgile) XCCHX7531 Certified Node (ThinkAgile) XCCVX 2U4N Certified Node (ThinkAgile) XCCVX645 V3 Certified Node (ThinkAgile) XCCSR258 V3 (ThinkSystem) XCCHX1021 Edge Certified Node 3yr (ThinkAgile) XCCSR650 V2 (ThinkSystem) XCCVX3520-G (ThinkAgile) XCCVX7820 (ThinkAgile) XCCHX7530 Appliance (ThinkAgile) XCCST250 (ThinkSystem) XCCSE450 (ThinkEdge) XCCSD650 V3 (ThinkSystem) XCCSD650 DWC Dual Node Tray (ThinkSystem) XCCP920 Rack Workstation (ThinkStation) XCCVX5520 (ThinkAgile) XCCSN550 (ThinkSystem) XCCSR645 V3 (ThinkSystem) XCCVX655 V3 Integrated System (ThinkAgile) XCCMX3330-H Hybrid Appliance (ThinkAgile) XCCHX3321 Certified Node (ThinkAgile) XCCHX5520 Appliance (ThinkAgile) XCCHX7531 Node SAP HANA (ThinkAgile) XCCVX645 V3 Integrated System (ThinkAgile) XCCHX5521-C Certified Node (ThinkAgile) XCCSR860 (ThinkSystem) XCCSE350 V2 (ThinkEdge) XCCVX665 V3 Certified Node (ThinkAgile) XCCSR665 (ThinkSystem) XCCVX655 V3 Certified Node (ThinkAgile) XCCST658 V3 (ThinkSystem) XCCHX1320 Appliance (ThinkAgile) XCCVX2320 (ThinkAgile) XCCMX3530 F All flash Appliance (ThinkAgile) XCCST258 (ThinkSystem) XCCSE350 (ThinkSystem) XCCST658 V2 (ThinkSystem) XCCSR530 (ThinkSystem) XCCHX7520 Appliance (ThinkAgile) XCCSD530 V3 (ThinkSystem) XCCVX3330 Appliance (ThinkAgile) XCCSR670 V2 (ThinkSystem) XCCSR860 V2 (ThinkSystem) XCCHX2720-E Appliance (ThinkAgile) XCCHX2330 Appliance (ThinkAgile) XCCMX Edge Appliance - MX1020 (ThinkAgile) XCCSD650 V2 (ThinkSystem) XCCSR850 V3 (ThinkSystem) XCCHX3375 Appliance (ThinkAgile) XCCST650 V2 (ThinkSystem) XCCST258 V3 (ThinkSystem) XCCSR670 (ThinkSystem) XCCHX1331 Certified Node (ThinkAgile) XCCVX2330 Appliance (ThinkAgile) XCCVX3720 (ThinkAgile) XCCSR158 (ThinkSystem) XCCHX3331 Certified Node (ThinkAgile) XCCSD530 (ThinkSystem) XCCMX3330-F All-flash Appliance (ThinkAgile) XCCHX1520-R Appliance (ThinkAgile) XCCSR950 V3 (ThinkSystem) XCCHX3320 Appliance (ThinkAgile) XCCSR550 (ThinkSystem) XCCSR950 (ThinkSystem) XCCSR635 V3 (ThinkSystem) XCCThinkAgile MX1021 on SE350 XCCSR250 (ThinkSystem) XCCVX665 V3 Integrated System (ThinkAgile) XCCHX2321 Certified Node (ThinkAgile) XCCHX3521-G Certified Node (ThinkAgile) XCCHX3520-G Appliance (ThinkAgile) XCCHX3720 Appliance (ThinkAgile) XCCHX3721 Certified Node (ThinkAgile) XCCVX 4U Certified Node (ThinkAgile) XCCSN550 V2 (ThinkSystem) XCCHX7521 Certified Node (ThinkAgile) XCCSR645 (ThinkSystem) XCCST650 V3 (ThinkSystem) XCCMX3331-H Hybrid Certified node (ThinkAgile) XCCMX3530-H Hybrid Appliance (ThinkAgile) XCCVX3331 Certified Node (ThinkAgile) XCCMX3531 H Hybrid Certified node (ThinkAgile) XCCSR590 (ThinkSystem) XCCHX2320-E Appliance (ThinkAgile) XCCVX1320 (ThinkAgile) XCCVX7530 Appliance (ThinkAgile) XCCMX3531-F All-flash Certified node (ThinkAgile) XCCVX7520 (ThinkAgile) XCCHX7821 Certified Node (ThinkAgile) XCCVX7520 N (ThinkAgile) XCCSR258 (ThinkSystem) XCCSR630 (ThinkSystem) XCCSD630 V2 (ThinkSystem) XCCthinkedge_se455_v3_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx1320_firmwarethinksystem_sr630_v3_firmwarethinksystem_sd530_v3_firmwarethinkagile_hx7820_firmwarethinksystem_sr635_v3_firmwarethinkedge_se350_v2_firmwarethinkagile_hx1021_edge_certified_node_3yr_firmwarethinksystem_sr850_v3_firmwarethinksystem_sr950_v3_firmwarethinkedge_se450__firmwarethinkagile_hx7530_firmwarethinksystem_st250_v3_firmwarethinksystem_st650_v3_firmwarethinkagile_hx_enclosure_certified_node_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8280
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.35% / 79.25%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 17:27
Updated-14 Sep, 2024 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.

Action-Not Available
Vendor-Lenovo Group Limited
Product-VX7531 Certified Node (ThinkAgile) XCCHX7820 Appliance (ThinkAgile) XCCSR250 V2 (ThinkSystem) XCCVX5530 Appliance (ThinkAgile) XCCHX2331 Certified Node (ThinkAgile) XCCSR650 (ThinkSystem) XCCVX3530-G Appliance (ThinkAgile) XCCHX5531 Certified Node (ThinkAgile) XCCHX5530 Appliance (ThinkAgile) XCCVX7320 N (ThinkAgile) XCCHX1321 Certified Node (ThinkAgile) XCCVX635 V3 Integrated System (ThinkAgile) XCCVX7330 Appliance (Thinkagile) XCCST250 V3 (ThinkSystem) XCCSR258 V2 (ThinkSystem) XCCSE455 V3 (ThinkEdge) XCCSR150 (ThinkSystem) XCCHX Enclosure Certified Node (ThinkAgile) XCCSR630 V3 (ThinkSystem) XCCSR665 V3 (ThinkSystem) XCCVX 1SE Certified Node (ThinkAgile) XCCSE360 V2 (ThinkEdge) XCCHX7530 Appl for SAP HANA (ThinkAgile) XCCSR250 V3 (ThinkSystem) XCCSD650-N V2 (ThinkSystem) XCCHX1521-R Certified Node (ThinkAgile) XCCSR650 V3 (ThinkSystem) XCCSR860 V3 (ThinkSystem) XCCVX3320 (ThinkAgile) XCCHX5520-C Appliance (ThinkAgile) XCCSN850 (ThinkSystem) XCCSR655 V3 (ThinkSystem) XCCSR850P (ThinkSystem) XCCSD665 V3 (ThinkSystem) XCCST550 (ThinkSystem) XCCHX5521 Certified Node (ThinkAgile) XCCST250 V2 (ThinkSystem) XCCSR570 (ThinkSystem) XCCHX3331 Node SAP HANA (ThinkAgile) XCCSR630 V2 (ThinkSystem) XCCHX3330 Appliance (ThinkAgile) XCCHX3376 Certified Node (ThinkAgile) XCCSD550 V3 (ThinkSystem) XCCSR850 V2 (ThinkSystem) XCCST258 V2 (ThinkSystem) XCCSR850 (ThinkSystem) XCCSR675 V3 (ThinkSystem) XCCMX3331-F All-flash Certified node (ThinkAgile) XCCHX7531 Certified Node (ThinkAgile) XCCVX 2U4N Certified Node (ThinkAgile) XCCVX645 V3 Certified Node (ThinkAgile) XCCSR258 V3 (ThinkSystem) XCCHX1021 Edge Certified Node 3yr (ThinkAgile) XCCSR650 V2 (ThinkSystem) XCCVX3520-G (ThinkAgile) XCCVX7820 (ThinkAgile) XCCHX7530 Appliance (ThinkAgile) XCCST250 (ThinkSystem) XCCSE450 (ThinkEdge) XCCSD650 V3 (ThinkSystem) XCCSD650 DWC Dual Node Tray (ThinkSystem) XCCP920 Rack Workstation (ThinkStation) XCCVX5520 (ThinkAgile) XCCSN550 (ThinkSystem) XCCSR645 V3 (ThinkSystem) XCCVX655 V3 Integrated System (ThinkAgile) XCCMX3330-H Hybrid Appliance (ThinkAgile) XCCHX3321 Certified Node (ThinkAgile) XCCHX5520 Appliance (ThinkAgile) XCCHX7531 Node SAP HANA (ThinkAgile) XCCVX645 V3 Integrated System (ThinkAgile) XCCHX5521-C Certified Node (ThinkAgile) XCCSR860 (ThinkSystem) XCCSE350 V2 (ThinkEdge) XCCVX665 V3 Certified Node (ThinkAgile) XCCSR665 (ThinkSystem) XCCVX655 V3 Certified Node (ThinkAgile) XCCST658 V3 (ThinkSystem) XCCHX1320 Appliance (ThinkAgile) XCCVX2320 (ThinkAgile) XCCMX3530 F All flash Appliance (ThinkAgile) XCCST258 (ThinkSystem) XCCSE350 (ThinkSystem) XCCST658 V2 (ThinkSystem) XCCSR530 (ThinkSystem) XCCHX7520 Appliance (ThinkAgile) XCCSD530 V3 (ThinkSystem) XCCVX3330 Appliance (ThinkAgile) XCCSR670 V2 (ThinkSystem) XCCSR860 V2 (ThinkSystem) XCCHX2720-E Appliance (ThinkAgile) XCCHX2330 Appliance (ThinkAgile) XCCMX Edge Appliance - MX1020 (ThinkAgile) XCCSD650 V2 (ThinkSystem) XCCSR850 V3 (ThinkSystem) XCCHX3375 Appliance (ThinkAgile) XCCST650 V2 (ThinkSystem) XCCST258 V3 (ThinkSystem) XCCSR670 (ThinkSystem) XCCHX1331 Certified Node (ThinkAgile) XCCVX2330 Appliance (ThinkAgile) XCCVX3720 (ThinkAgile) XCCSR158 (ThinkSystem) XCCHX3331 Certified Node (ThinkAgile) XCCSD530 (ThinkSystem) XCCMX3330-F All-flash Appliance (ThinkAgile) XCCHX1520-R Appliance (ThinkAgile) XCCSR950 V3 (ThinkSystem) XCCHX3320 Appliance (ThinkAgile) XCCSR550 (ThinkSystem) XCCSR950 (ThinkSystem) XCCSR635 V3 (ThinkSystem) XCCThinkAgile MX1021 on SE350 XCCSR250 (ThinkSystem) XCCVX665 V3 Integrated System (ThinkAgile) XCCHX2321 Certified Node (ThinkAgile) XCCHX3521-G Certified Node (ThinkAgile) XCCHX3520-G Appliance (ThinkAgile) XCCHX3720 Appliance (ThinkAgile) XCCHX3721 Certified Node (ThinkAgile) XCCVX 4U Certified Node (ThinkAgile) XCCSN550 V2 (ThinkSystem) XCCHX7521 Certified Node (ThinkAgile) XCCSR645 (ThinkSystem) XCCST650 V3 (ThinkSystem) XCCMX3331-H Hybrid Certified node (ThinkAgile) XCCMX3530-H Hybrid Appliance (ThinkAgile) XCCVX3331 Certified Node (ThinkAgile) XCCMX3531 H Hybrid Certified node (ThinkAgile) XCCSR590 (ThinkSystem) XCCHX2320-E Appliance (ThinkAgile) XCCVX1320 (ThinkAgile) XCCVX7530 Appliance (ThinkAgile) XCCMX3531-F All-flash Certified node (ThinkAgile) XCCVX7520 (ThinkAgile) XCCHX7821 Certified Node (ThinkAgile) XCCVX7520 N (ThinkAgile) XCCSR258 (ThinkSystem) XCCSR630 (ThinkSystem) XCCSD630 V2 (ThinkSystem) XCCthinkedge_se455_v3_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx1320_firmwarethinksystem_sr630_v3_firmwarethinksystem_sd530_v3_firmwarethinkagile_hx7820_firmwarethinksystem_sr635_v3_firmwarethinkedge_se350_v2_firmwarethinkagile_hx1021_edge_certified_node_3yr_firmwarethinksystem_sr850_v3_firmwarethinksystem_sr950_v3_firmwarethinkedge_se450__firmwarethinkagile_hx7530_firmwarethinksystem_st250_v3_firmwarethinksystem_st650_v3_firmwarethinkagile_hx_enclosure_certified_node_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8281
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.44% / 79.89%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 17:27
Updated-14 Sep, 2024 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.

Action-Not Available
Vendor-Lenovo Group Limited
Product-VX7531 Certified Node (ThinkAgile) XCCHX7820 Appliance (ThinkAgile) XCCSR250 V2 (ThinkSystem) XCCVX5530 Appliance (ThinkAgile) XCCHX2331 Certified Node (ThinkAgile) XCCSR650 (ThinkSystem) XCCVX3530-G Appliance (ThinkAgile) XCCHX5531 Certified Node (ThinkAgile) XCCHX5530 Appliance (ThinkAgile) XCCVX7320 N (ThinkAgile) XCCHX1321 Certified Node (ThinkAgile) XCCVX635 V3 Integrated System (ThinkAgile) XCCVX7330 Appliance (Thinkagile) XCCST250 V3 (ThinkSystem) XCCSR258 V2 (ThinkSystem) XCCSE455 V3 (ThinkEdge) XCCSR150 (ThinkSystem) XCCHX Enclosure Certified Node (ThinkAgile) XCCSR630 V3 (ThinkSystem) XCCSR665 V3 (ThinkSystem) XCCVX 1SE Certified Node (ThinkAgile) XCCSE360 V2 (ThinkEdge) XCCHX7530 Appl for SAP HANA (ThinkAgile) XCCSR250 V3 (ThinkSystem) XCCSD650-N V2 (ThinkSystem) XCCHX1521-R Certified Node (ThinkAgile) XCCSR650 V3 (ThinkSystem) XCCSR860 V3 (ThinkSystem) XCCVX3320 (ThinkAgile) XCCHX5520-C Appliance (ThinkAgile) XCCSN850 (ThinkSystem) XCCSR655 V3 (ThinkSystem) XCCSR850P (ThinkSystem) XCCSD665 V3 (ThinkSystem) XCCST550 (ThinkSystem) XCCHX5521 Certified Node (ThinkAgile) XCCST250 V2 (ThinkSystem) XCCSR570 (ThinkSystem) XCCHX3331 Node SAP HANA (ThinkAgile) XCCSR630 V2 (ThinkSystem) XCCHX3330 Appliance (ThinkAgile) XCCHX3376 Certified Node (ThinkAgile) XCCSD550 V3 (ThinkSystem) XCCSR850 V2 (ThinkSystem) XCCST258 V2 (ThinkSystem) XCCSR850 (ThinkSystem) XCCSR675 V3 (ThinkSystem) XCCMX3331-F All-flash Certified node (ThinkAgile) XCCHX7531 Certified Node (ThinkAgile) XCCVX 2U4N Certified Node (ThinkAgile) XCCVX645 V3 Certified Node (ThinkAgile) XCCSR258 V3 (ThinkSystem) XCCHX1021 Edge Certified Node 3yr (ThinkAgile) XCCSR650 V2 (ThinkSystem) XCCVX3520-G (ThinkAgile) XCCVX7820 (ThinkAgile) XCCHX7530 Appliance (ThinkAgile) XCCST250 (ThinkSystem) XCCSE450 (ThinkEdge) XCCSD650 V3 (ThinkSystem) XCCSD650 DWC Dual Node Tray (ThinkSystem) XCCP920 Rack Workstation (ThinkStation) XCCVX5520 (ThinkAgile) XCCSN550 (ThinkSystem) XCCSR645 V3 (ThinkSystem) XCCVX655 V3 Integrated System (ThinkAgile) XCCMX3330-H Hybrid Appliance (ThinkAgile) XCCHX3321 Certified Node (ThinkAgile) XCCHX5520 Appliance (ThinkAgile) XCCHX7531 Node SAP HANA (ThinkAgile) XCCVX645 V3 Integrated System (ThinkAgile) XCCHX5521-C Certified Node (ThinkAgile) XCCSR860 (ThinkSystem) XCCSE350 V2 (ThinkEdge) XCCVX665 V3 Certified Node (ThinkAgile) XCCSR665 (ThinkSystem) XCCVX655 V3 Certified Node (ThinkAgile) XCCST658 V3 (ThinkSystem) XCCHX1320 Appliance (ThinkAgile) XCCVX2320 (ThinkAgile) XCCMX3530 F All flash Appliance (ThinkAgile) XCCST258 (ThinkSystem) XCCSE350 (ThinkSystem) XCCST658 V2 (ThinkSystem) XCCSR530 (ThinkSystem) XCCHX7520 Appliance (ThinkAgile) XCCSD530 V3 (ThinkSystem) XCCVX3330 Appliance (ThinkAgile) XCCSR670 V2 (ThinkSystem) XCCSR860 V2 (ThinkSystem) XCCHX2720-E Appliance (ThinkAgile) XCCHX2330 Appliance (ThinkAgile) XCCMX Edge Appliance - MX1020 (ThinkAgile) XCCSD650 V2 (ThinkSystem) XCCSR850 V3 (ThinkSystem) XCCHX3375 Appliance (ThinkAgile) XCCST650 V2 (ThinkSystem) XCCST258 V3 (ThinkSystem) XCCSR670 (ThinkSystem) XCCHX1331 Certified Node (ThinkAgile) XCCVX2330 Appliance (ThinkAgile) XCCVX3720 (ThinkAgile) XCCSR158 (ThinkSystem) XCCHX3331 Certified Node (ThinkAgile) XCCSD530 (ThinkSystem) XCCMX3330-F All-flash Appliance (ThinkAgile) XCCHX1520-R Appliance (ThinkAgile) XCCSR950 V3 (ThinkSystem) XCCHX3320 Appliance (ThinkAgile) XCCSR550 (ThinkSystem) XCCSR950 (ThinkSystem) XCCSR635 V3 (ThinkSystem) XCCThinkAgile MX1021 on SE350 XCCSR250 (ThinkSystem) XCCVX665 V3 Integrated System (ThinkAgile) XCCHX2321 Certified Node (ThinkAgile) XCCHX3521-G Certified Node (ThinkAgile) XCCHX3520-G Appliance (ThinkAgile) XCCHX3720 Appliance (ThinkAgile) XCCHX3721 Certified Node (ThinkAgile) XCCVX 4U Certified Node (ThinkAgile) XCCSN550 V2 (ThinkSystem) XCCHX7521 Certified Node (ThinkAgile) XCCSR645 (ThinkSystem) XCCST650 V3 (ThinkSystem) XCCMX3331-H Hybrid Certified node (ThinkAgile) XCCMX3530-H Hybrid Appliance (ThinkAgile) XCCVX3331 Certified Node (ThinkAgile) XCCMX3531 H Hybrid Certified node (ThinkAgile) XCCSR590 (ThinkSystem) XCCHX2320-E Appliance (ThinkAgile) XCCVX1320 (ThinkAgile) XCCVX7530 Appliance (ThinkAgile) XCCMX3531-F All-flash Certified node (ThinkAgile) XCCVX7520 (ThinkAgile) XCCHX7821 Certified Node (ThinkAgile) XCCVX7520 N (ThinkAgile) XCCSR258 (ThinkSystem) XCCSR630 (ThinkSystem) XCCSD630 V2 (ThinkSystem) XCCthinkedge_se455_v3_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx1320_firmwarethinksystem_sr630_v3_firmwarethinksystem_sd530_v3_firmwarethinkagile_hx7820_firmwarethinksystem_sr635_v3_firmwarethinkedge_se350_v2_firmwarethinkagile_hx1021_edge_certified_node_3yr_firmwarethinksystem_sr850_v3_firmwarethinksystem_sr950_v3_firmwarethinkedge_se450__firmwarethinkagile_hx7530_firmwarethinksystem_st250_v3_firmwarethinksystem_st650_v3_firmwarethinkagile_hx_enclosure_certified_node_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-4608
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-4.1||MEDIUM
EPSS-0.10% / 27.45%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:25
Updated-11 Sep, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkagile_vx7531thinksystem_sr670_firmwarethinkagile_mx3531_h_hybridthinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinkagile_hx5530thinksystem_sr850_v2_firmwarethinksystem_sr250_v2thinksystem_sr665_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx2330_firmwarethinksystem_sd650_v2_firmwarethinksystem_sd665_v3_firmwarethinksystem_sr665_v3_firmwarethinkagile_mx3330-h_hybrid_firmwarethinksystem_sr850_v3_firmwarethinksystem_st250_v2_firmwarethinkagile_hx3330thinkagile_hx7530_firmwarethinkagile_hx2330thinksystem_sr645_v3_firmwarethinkagile_mx3331-f_all-flashthinkagile_vx7530_firmwarethinkagile_hx1331_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinksystem_sr860_v3_firmwarethinkagile_hx7530thinksystem_st658_v2thinkagile_mx3331-f_all-flash_firmwarethinksystem_sr850_v2thinkagile_mx3530_f_all_flashthinksystem_sr650_v2_firmwarethinksystem_sr665thinksystem_sr630_v2thinksystem_sr860_v2thinksystem_sr635_v3_firmwarethinksystem_st650_v2thinksystem_sr258_v2thinkagile_mx3531_h_hybrid_firmwarethinkagile_hx3375thinkagile_mx3530_f_all_flash_firmwarethinkagile_mx3530-h_hybridthinkagile_vx3330thinkagile_hx3331_firmwarethinkagile_mx3330-h_hybridthinkagile_hx5530_firmwarethinkagile_vx3331thinksystem_st258_v2thinksystem_sr645_v3thinkagile_hx3330_firmwarethinksystem_st658_v3_firmwarethinksystem_sd650-n_v2thinksystem_sr670_v2_firmwarethinksystem_sr630_v3_firmwarethinksystem_sr670_v2thinksystem_sd650_v2thinkagile_mx3331-h_hybridthinksystem_sr655_v3_firmwarethinksystem_sr650_v2thinkagile_vx7330thinkagile_hx1331thinkagile_hx3331thinksystem_sr250_firmwarethinkagile_mx3531-f_all-flash_firmwarethinkagile_mx3530-h_hybrid_firmwarethinkagile_vx7530thinksystem_sd630_v2thinkagile_mx3330-f_all-flashthinkagile_hx5531thinksystem_st250_v2thinksystem_sr860_v2_firmwarethinksystem_sr650_v3_firmwarethinkagile_mx3330-f_all-flash_firmwarethinkagile_hx2331thinkagile_vx5530thinkagile_hx7531_firmwarethinksystem_sn550_v2thinksystem_sr645thinksystem_sd650_v3_firmwarethinksystem_sr670thinksystem_sr258_v2_firmwarethinkagile_mx3531-f_all-flashthinkagile_vx3331_firmwarethinkagile_hx2331_firmwarethinkagile_vx2330_firmwarethinksystem_st650_v2_firmwarethinkagile_vx3530-g_firmwarethinksystem_st258_v2_firmwarethinksystem_sr630_v2_firmwarethinksystem_st650_v3_firmwarethinkagile_hx3376_firmwarethinkagile_hx3376thinkagile_hx5531_firmwarethinkagile_vx7531_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_vx5530_firmwarethinkagile_mx3331-h_hybrid_firmwarethinkagile_vx3330_firmwarethinkagile_vx3530-gthinkagile_hx7531thinksystem_st658_v2_firmwarethinksystem_sr645_firmwareLenovo XClarity Controller (XCC)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-34884
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-0.18% / 39.48%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:32
Updated-27 Mar, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sn550thinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinksystem_sr158thinkagile_hx3721thinksystem_sd630_v2_firmwarethinksystem_sr665_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3531_h_firmwarethinksystem_st250thinkagile_vx1320_firmwarethinksystem_sr850thinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_vx7820thinksystem_sn850thinkagile_hx5520thinkagile_vx7530_firmwarethinkagile_vx3320thinkagile_vx5520_firmwarethinkagile_hx_enclosure_certified_node_firmwarethinksystem_st550_firmwarethinksystem_sr630thinksystem_sr950thinkagile_vx7320_nthinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320thinkagile_vx7520_nthinksystem_sd650_dwc_firmwarethinkagile_hx7520_firmwarethinkagile_vx_2u4nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_hx5520-cthinksystem_sr630_v2thinksystem_sr860_v2thinkagile_hx7820_firmwarethinkagile_hx3720thinksystem_sd530thinksystem_sn850_firmwarethinkagile_vx_4u_firmwarethinksystem_st650_v2thinksystem_sr258_v2thinkagile_hx7521_firmwarethinkagile_hx1021thinkagile_hx3375thinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_vx3330thinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinksystem_st250_firmwarethinksystem_sr570thinksystem_sd650-n_v2thinkagile_vx7520thinkagile_hx3321_firmwarethinksystem_sr670_v2_firmwarethinksystem_sr670_v2thinkagile_vx_4uthinkagile_mx3331-f_firmwarethinkagile_hx2320-e_firmwarethinkagile_hx7521thinkagile_vx5520thinksystem_sr550thinkagile_mx3330-hthinkagile_vx7530thinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_mx3530-hthinksystem_st250_v2thinkagile_hx2321_firmwarethinkagile_hx2321thinkagile_hx3721_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr860_v2_firmwarethinksystem_sr850p_firmwarethinksystem_st258thinkagile_hx1320thinkagile_hx1321_firmwarethinkagile_vx_1se_certified_nodethinksystem_sr850pthinkagile_hx1320_firmwarethinksystem_sn550_v2thinkstation_p920_firmwarethinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkagile_hx3521-gthinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinkagile_mx3330-fthinksystem_st258_v2_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinkagile_hx7821_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinksystem_st550thinkagile_vx3520-gthinksystem_st658_v2_firmwarethinkagile_vx7531thinkagile_vx_2u4n_firmwarethinksystem_sr670_firmwarethinksystem_sr150thinkagile_vx3720thinksystem_sr850_v2_firmwarethinksystem_sr250_v2thinksystem_sd650_v2_firmwarethinkagile_mx1021_firmwarethinkagile_mx3530-h_firmwarethinkagile_hx1321thinksystem_st250_v2_firmwarethinkagile_hx7520thinkagile_mx3331-h_firmwarethinkagile_hx2720-ethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinkagile_hx3321thinksystem_sr530thinksystem_sr250thinkagile_hx5520_firmwarethinksystem_sr850_v2thinksystem_se350thinkagile_mx1020_firmwarethinkagile_mx1020thinksystem_sr665thinksystem_sr150_firmwarethinkagile_hx3520-gthinkedge_se450_firmwarethinkagile_vx7320_n_firmwarethinksystem_sr860thinkagile_hx7821thinkagile_hx3720_firmwarethinkagile_hx5521_firmwarethinksystem_sr645_firmwarethinkedge_se450thinkagile_hx_enclosure_certified_nodethinkagile_hx1021_firmwarethinkagile_vx3331thinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinksystem_sd530_firmwarethinkagile_mx3331-hthinkagile_hx5521-c_firmwarethinksystem_sd650_v2thinkstation_p920thinkagile_vx_1se_certified_node_firmwarethinksystem_sr650_v2thinkagile_vx7330thinksystem_sn550_firmwarethinkagile_hx5521-cthinksystem_sr250_firmwarethinksystem_sr258_firmwarethinksystem_sr590_firmwarethinkagile_mx3530_fthinkagile_hx1520-rthinksystem_sd630_v2thinksystem_sd650_dwcthinkagile_hx1521-rthinkagile_hx1520-r_firmwarethinkagile_hx3320thinkagile_vx3720_firmwarethinksystem_sr630_firmwarethinkagile_mx1021thinkagile_vx7520_n_firmwarethinksystem_sr550_firmwarethinkagile_hx2320-ethinkagile_vx5530thinkagile_mx3331-fthinkagile_vx1320thinksystem_sr645thinksystem_sr670thinksystem_sr590thinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_vx2330_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinkagile_hx3376thinkagile_mx3531_hthinkagile_vx5530_firmwarethinkagile_vx3530-gthinksystem_sr650thinksystem_sr258thinkagile_hx5521thinkagile_mx3531-fthinkagile_mx3531-f_firmwareLenovo XClarity Controller
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-38509
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-0.57% / 67.58%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 19:45
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.

Action-Not Available
Vendor-Lenovo Group Limited
Product-XClarity Controllerthinksystem_sr670_firmwarethinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinksystem_sr675_v3_firmwarethinksystem_sr850_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx2330_firmwarethinksystem_sd665_v3_firmwarethinksystem_sr665_v3_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3530-h_firmwarethinksystem_sr850_v3_firmwarethinksystem_st250_v2_firmwarethinkagile_vx1320_firmwarethinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_mx3331-h_firmwarethinkagile_hx7530_firmwarethinksystem_sr645_v3_firmwarethinkagile_mx3531-f_firmwarethinkagile_vx7530_firmwarethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinksystem_sr860_v3_firmwarethinkagile_vx5520_firmwarethinkagile_hx_enclosure_certified_node_firmwarethinksystem_st550_firmwarethinkagile_hx1521-r_firmwarethinkagile_mx1020_firmwarethinkagile_hx7520_firmwarethinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinksystem_sr150_firmwarethinkagile_hx7820_firmwarethinkagile_vx7320_n_firmwarethinksystem_sn850_firmwarethinkagile_hx1021_edg_firmwarethinkstation_p920_workstation_firmwarethinkagile_hx3720_firmwarethinkagile_hx7521_firmwarethinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinksystem_st250_firmwarethinksystem_sd650_dual_node_tray_firmwarethinkagile_hx5530_firmwarethinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinkagile_hx3330_firmwarethinksystem_sd530_firmwarethinksystem_st658_v3_firmwarethinksystem_sr670_v2_firmwarethinkagile_hx3321_firmwarethinksystem_sr630_v3_firmwarethinkagile_hx5521-c_firmwarethinkagile_mx3331-f_firmwarethinksystem_sr655_v3_firmwarethinkagile_hx2320-e_firmwarethinksystem_sn550_firmwarethinkagile_hx3331thinksystem_sr250_firmwarethinksystem_sr258_firmwarethinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_vx3720_firmwarethinkagile_hx1520-r_firmwarethinksystem_sr630_firmwarethinkagile_hx2321_firmwarethinkagile_vx7520_n_firmwarethinkagile_hx3721_firmwarethinksystem_sr860_v2_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr550_firmwarethinksystem_sr850p_firmwarethinksystem_sr635_firmwarethinkagile_hx1321_firmwarethinkagile_hx1320_firmwarethinkagile_hx7531_firmwarethinksystem_sd650_v3_firmwarethinksystem_sr258_v2_firmwarethinkagile_vx3331_firmwarethinkagile_hx3320_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_hx2331_firmwarethinkagile_vx2330_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinksystem_st258_v2_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_st258_firmwarethinksystem_st650_v3_firmwarethinkagile_hx3376_firmwarethinkagile_hx5531_firmwarethinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinksystem_sr850_firmwarethinkagile_hx7821_firmwarethinkagile_vx5530_firmwarethinkagile_vx3330_firmwarethinksystem_sr590_firmwarethinksystem_st658_v2_firmwarethinksystem_sr645_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2017-3761
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-9.8||CRITICAL
EPSS-4.52% / 88.71%
||
7 Day CHG~0.00%
Published-17 Oct, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-service_frameworkService Framework application
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-4856
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.75%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 17:59
Updated-02 Aug, 2024 | 07:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint.

Action-Not Available
Vendor-Lenovo Group Limited
Product-SMM, SMM2, FPCsystem_management_module_firmwarefan_power_controller
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-42852
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8||HIGH
EPSS-0.06% / 18.11%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.

Action-Not Available
Vendor-Lenovo Group Limited
Product-t2prot1_firmwaret2pro_firmwaret1x1x1_firmwaret2_firmwaret2a1_firmwarea1Personal Cloud Storage X1Personal Cloud Storage T1Personal Cloud Storage A1Personal Cloud Storage T2Personal Cloud Storage T2Pro
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-9075
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.1||HIGH
EPSS-26.45% / 96.12%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 20:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Iomega and LenovoEMC NAS Web UI Vulnerabilities

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

Action-Not Available
Vendor-Lenovo Group Limited
Product-iomega_storcenter_px12-400rlenovoemc_px4-300riomega_storcenter_px2-300dlenovo_ez_media_\&_backup_centeriomega_storcenter_ix2iomega_storcenter_px6-300diomega_storcenter_ix4-300diomega_storcenter_px4-300dlenovo_ix4-300diomega_storcenter_ix2-dllenovoemc_px4-400rlenovoemc_px2-300dlenovoemc_px12-450riomega_storcenter_px4-300rlenovoemc_px6-300diomega_ez_media_\&_backup_centerlenovoemc_firmwarelenovoemc_px4-400diomega_storcenter_px12-450rlenovo_ix2lenovoemc_px12-400rlenovoemc_px4-300dLenovoEMCEZ Media and Backup CenterIomega StorCenter
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-9076
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.1||HIGH
EPSS-1.87% / 82.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 20:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Iomega and LenovoEMC NAS Web UI Vulnerabilities

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

Action-Not Available
Vendor-Lenovo Group Limited
Product-iomega_storcenter_px12-400rlenovoemc_px4-300riomega_storcenter_px2-300dlenovo_ez_media_\&_backup_centeriomega_storcenter_ix2iomega_storcenter_px6-300diomega_storcenter_ix4-300diomega_storcenter_px4-300dlenovo_ix4-300diomega_storcenter_ix2-dllenovoemc_px4-400rlenovoemc_px2-300dlenovoemc_px12-450riomega_storcenter_px4-300rlenovoemc_px6-300diomega_ez_media_\&_backup_centerlenovoemc_firmwarelenovoemc_px4-400diomega_storcenter_px12-450rlenovo_ix2lenovoemc_px12-400rlenovoemc_px4-300dLenovoEMCEZ Media and Backup CenterIomega StorCenter
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-9077
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.1||HIGH
EPSS-1.87% / 82.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 20:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Iomega and LenovoEMC NAS Web UI Vulnerabilities

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

Action-Not Available
Vendor-Lenovo Group Limited
Product-iomega_storcenter_px12-400rlenovoemc_px4-300riomega_storcenter_px2-300dlenovo_ez_media_\&_backup_centeriomega_storcenter_ix2iomega_storcenter_px6-300diomega_storcenter_ix4-300diomega_storcenter_px4-300dlenovo_ix4-300diomega_storcenter_ix2-dllenovoemc_px4-400rlenovoemc_px2-300dlenovoemc_px12-450riomega_storcenter_px4-300rlenovoemc_px6-300diomega_ez_media_\&_backup_centerlenovoemc_firmwarelenovoemc_px4-400diomega_storcenter_px12-450rlenovo_ix2lenovoemc_px12-400rlenovoemc_px4-300dLenovoEMCEZ Media and Backup CenterIomega StorCenter
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-16090
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.08%
||
7 Day CHG+0.17%
Published-27 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
System Management Module Vulnerabilities

In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_management_module_firmwarethinksystem_modular_enclosure_7x22thinkagile_hx_enclosure_7y87thinkagile_vx_enclosure_7y11thinkagile_hx_enclosure_7x81thinkagile_vx_enclosure_7y91thinkagile_hx_enclosure_7z02thinksystem_d2_enclosure_7x20ThinkSystem SMM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-16089
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.42%
||
7 Day CHG+0.19%
Published-27 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
System Management Module Vulnerabilities

In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_management_module_firmwarethinksystem_modular_enclosure_7x22thinkagile_hx_enclosure_7y87thinkagile_vx_enclosure_7y11thinkagile_hx_enclosure_7x81thinkagile_vx_enclosure_7y91thinkagile_hx_enclosure_7z02thinksystem_d2_enclosure_7x20ThinkSystem SMM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-9086
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-2.09% / 83.31%
||
7 Day CHG~0.00%
Published-16 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Legacy Server BMC Remote Command Injection

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkserver_rd340thinkserver_rd640_firmwarethinkserver_rd440thinkserver_td340_firmwarethinkserver_rd640thinkserver_rd340_firmwarethinkserver_rd440_firmwarethinkserver_td340ThinkServer BMC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-1513
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-1.10% / 77.11%
||
7 Day CHG-0.03%
Published-23 Aug, 2022 | 17:25
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4696
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.81%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 20:01
Updated-01 Aug, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Service Bridgeservice_bridge
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-54024
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7||HIGH
EPSS-0.14% / 34.60%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 14:02
Updated-23 Jul, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiisolatorFortiIsolator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-5340
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.42% / 60.91%
||
7 Day CHG-0.07%
Published-25 May, 2024 | 21:31
Updated-21 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC sub_commit.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-isg02rg-uac_6000-x100s_firmwarerg-uac_6000-ea_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-e20_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e20crg-uac_6000-x300drg-uac_6000-x20rg-uac_6000-e10_firmwarerg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e10rg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UACrg-uac
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-5337
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 27.07%
||
7 Day CHG-0.01%
Published-25 May, 2024 | 15:00
Updated-21 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC user_commit.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical. This issue affects some unknown processing of the file /view/systemConfig/sys_user/user_commit.php. The manipulation of the argument email2/user_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UACrg-uac
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-5399
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.30%
||
7 Day CHG~0.00%
Published-27 May, 2024 | 03:32
Updated-01 Aug, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openfind Mail2000 - OS Command Injection

Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.

Action-Not Available
Vendor-Openfind
Product-Mail2000 V7.0Mail2000 V8.0
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-54008
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.68% / 70.64%
||
7 Day CHG+0.03%
Published-10 Dec, 2024 | 18:23
Updated-11 Dec, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform

An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking AirWave Management Platform
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-5338
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.27% / 49.74%
||
7 Day CHG-0.04%
Published-25 May, 2024 | 15:31
Updated-21 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC online.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UACrg-uac
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-51661
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-3.40% / 86.95%
||
7 Day CHG+0.28%
Published-04 Nov, 2024 | 11:06
Updated-08 Nov, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Media Library Assistant plugin <= 3.19 - Remote Code Execution (RCE) vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19.

Action-Not Available
Vendor-davidlingrenDavid Lingrendavidlingren
Product-media_library_assistantMedia Library Assistantmedia_library_assistant
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-47209
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.78% / 72.75%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 16:20
Updated-09 May, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-er7206_firmwareer7206ER7206 Omada Gigabit VPN Router
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-44080
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-8.27% / 91.88%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 00:45
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.

Action-Not Available
Vendor-sercommn/a
Product-h500sh500s_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-0557
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.1||HIGH
EPSS-12.55% / 93.69%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 08:45
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in microweber/microweber

OS Command Injection in Packagist microweber/microweber prior to 1.2.11.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-47908
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-9.1||CRITICAL
EPSS-7.26% / 91.26%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 15:18
Updated-20 Feb, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-cloud_services_applianceCloud Services Application
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-2873
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-7.07% / 91.14%
||
7 Day CHG~0.00%
Published-19 Sep, 2018 | 18:00
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

Action-Not Available
Vendor-foscamFoscam
Product-c1_firmwarec1Foscam C1 Indoor HD Camera
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-42081
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-9.1||CRITICAL
EPSS-0.09% / 26.20%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 06:29
Updated-11 Mar, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355

An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.

Action-Not Available
Vendor-osnexusOSNEXUS
Product-quantastorQuantaStor
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4503
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.33% / 55.57%
||
7 Day CHG+0.01%
Published-05 May, 2024 | 22:00
Updated-21 Aug, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC dhcp_relay_commit.php os command injection

A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240428. Affected by this vulnerability is an unknown functionality of the file /view/dhcp/dhcpConfig/dhcp_relay_commit.php. The manipulation of the argument interface_from leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263107. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UACrg-uac
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4501
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.33% / 55.57%
||
7 Day CHG+0.01%
Published-05 May, 2024 | 19:31
Updated-21 Aug, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC commit.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. This issue affects some unknown processing of the file /view/bugSolve/captureData/commit.php. The manipulation of the argument tcpDump leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263105 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UACrg-uac
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4508
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.36% / 57.15%
||
7 Day CHG+0.01%
Published-06 May, 2024 | 00:00
Updated-21 Aug, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC static_route_edit_ipv6.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UAC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-5156
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-2.85% / 85.71%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 23:14
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command.

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200 Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4507
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.14% / 35.36%
||
7 Day CHG+0.05%
Published-05 May, 2024 | 23:31
Updated-21 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC static_route_add_ipv6.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UAC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-5142
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-2.21% / 83.79%
||
7 Day CHG~0.00%
Published-25 Feb, 2020 | 15:28
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-awk-3131aawk-3131a_firmwareMoxa
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-5315
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.82% / 82.13%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 16:53
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.

Action-Not Available
Vendor-n/aAruba Networks
Product-arubaosAruba Mobility Controllers
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-5155
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-2.46% / 84.61%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 21:59
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12)

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200 Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4509
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.32% / 54.71%
||
7 Day CHG-0.06%
Published-06 May, 2024 | 00:31
Updated-21 Aug, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC add_commit.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UACrg_uac
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-3322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-2.51% / 84.76%
||
7 Day CHG~0.00%
Published-31 Jan, 2020 | 13:40
Updated-06 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-oncommand_system_managern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4506
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.15% / 35.85%
||
7 Day CHG+0.05%
Published-05 May, 2024 | 23:00
Updated-21 Aug, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC ip_addr_edit_commit.php os command injection

A vulnerability has been found in Ruijie RG-UAC up to 20240428 and classified as critical. This vulnerability affects unknown code of the file /view/IPV6/ipv6Addr/ip_addr_edit_commit.php. The manipulation of the argument text_ip_addr/orgprelen/orgname leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263110 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UAC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4502
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.31% / 53.38%
||
7 Day CHG+0.01%
Published-05 May, 2024 | 22:00
Updated-21 Aug, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC dhcp_client_commit.php os command injection

A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240428. Affected is an unknown function of the file /view/dhcp/dhcpClient/dhcp_client_commit.php. The manipulation of the argument ifName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263106 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UACrg-uac
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found