Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-3572

Summary
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
Published At-08 Aug, 2023 | 06:52
Updated At-15 Oct, 2024 | 19:18
Rejected At-
Credits

PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERTVDE
Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c
Published At:08 Aug, 2023 | 06:52
Updated At:15 Oct, 2024 | 19:18
Rejected At:
▼CVE Numbering Authority (CNA)
PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.

Affected Products
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
WP 6070-WVPS
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
WP 6101-WXPS
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
WP 6121-WXPS
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
WP 6156-WHPS
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
WP 6185-WHPS
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
WP 6215-WHPS
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Gabriele Quagliarella from Nozomi Networks Labs
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2023-018/
N/A
Hyperlink: https://cert.vde.com/en/advisories/VDE-2023-018/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2023-018/
x_transferred
Hyperlink: https://cert.vde.com/en/advisories/VDE-2023-018/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Phoenix Contact GmbH & Co. KGphoenixcontact
Product
wp_6070-wvps
CPEs
  • cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGphoenixcontact
Product
wp_6101-wxps
CPEs
  • cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGphoenixcontact
Product
wp_6121-wxps
CPEs
  • cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 through 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGphoenixcontact
Product
wp_6156-whps
CPEs
  • cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGphoenixcontact
Product
wp_6156-whps
CPEs
  • cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGphoenixcontact
Product
wp_6185-whps
CPEs
  • cpe:2.3:h:phoenixcontact:wp_6185-whps:-:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGphoenixcontact
Product
wp_6215-whps
CPEs
  • cpe:2.3:h:phoenixcontact:wp_6215-whps:-:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 4.0.10 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:info@cert.vde.com
Published At:08 Aug, 2023 | 07:15
Updated At:08 Sep, 2023 | 09:15

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Secondary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches

Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6070-wvps>>-
cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6070-wvps_firmware>>Versions before 4.0.10(exclusive)
cpe:2.3:o:phoenixcontact:wp_6070-wvps_firmware:*:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6101-wxps>>-
cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6101-wxps_firmware>>Versions before 4.0.10(exclusive)
cpe:2.3:o:phoenixcontact:wp_6101-wxps_firmware:*:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6121-wxps>>-
cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6121-wxps_firmware>>Versions before 4.0.10(exclusive)
cpe:2.3:o:phoenixcontact:wp_6121-wxps_firmware:*:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6156-whps>>-
cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6156-whps_firmware>>Versions before 4.0.10(exclusive)
cpe:2.3:o:phoenixcontact:wp_6156-whps_firmware:*:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6185-whps>>-
cpe:2.3:h:phoenixcontact:wp_6185-whps:-:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6185-whps_firmware>>Versions before 4.0.10(exclusive)
cpe:2.3:o:phoenixcontact:wp_6185-whps_firmware:*:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6215-whps>>-
cpe:2.3:h:phoenixcontact:wp_6215-whps:-:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>wp_6215-whps_firmware>>Versions before 4.0.10(exclusive)
cpe:2.3:o:phoenixcontact:wp_6215-whps_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primaryinfo@cert.vde.com
CWE ID: CWE-78
Type: Primary
Source: info@cert.vde.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cert.vde.com/en/advisories/VDE-2023-018/info@cert.vde.com
Third Party Advisory
Hyperlink: https://cert.vde.com/en/advisories/VDE-2023-018/
Source: info@cert.vde.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

157Records found

CVE-2024-7699
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.76% / 50.92%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:42
Updated-27 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact: OS command execution in MGUARD products

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_mguard_2105_firmwaretc_mguard_rs2000_4g_vpnfl_mguard_2102fl_mguard_4102_pci_firmwarefl_mguard_4302_firmwarefl_mguard_pcie4000_vpn_firmwarefl_mguard_rs2000_tx\/tx-b_firmwarefl_mguard_4102_pcie_firmwarefl_mguard_rs4000_tx\/txfl_mguard_pcie4000_firmwarefl_mguard_4305_firmwarefl_mguard_rs4000_tx\/tx_firmwaretc_mguard_rs4000_3g_vpn_firmwarefl_mguard_rs4004_tx\/dtx_vpn_firmwarefl_mguard_rs4004_tx\/dtx_firmwarefl_mguard_pcie4000tc_mguard_rs4000_4g_vzw_vpn_firmwarefl_mguard_core_tx_vpntc_mguard_rs2000_4g_att_vpn_firmwarefl_mguard_delta_tx\/txfl_mguard_4302fl_mguard_rs4000_tx\/tx_vpn_firmwarefl_mguard_rs2000_tx\/tx_vpn_firmwarefl_mguard_rs2000_tx\/tx-btc_mguard_rs4000_4g_att_vpntc_mguard_rs2000_3g_vpnfl_mguard_rs2005_tx_vpntc_mguard_rs4000_4g_vpnfl_mguard_4102_pcifl_mguard_gt\/gt_firmwarefl_mguard_gt\/gt_vpn_firmwarefl_mguard_core_tx_vpn_firmwaretc_mguard_rs2000_4g_vzw_vpnfl_mguard_rs4004_tx\/dtxfl_mguard_delta_tx\/tx_vpn_firmwarefl_mguard_rs4000_tx\/tx-pfl_mguard_2105fl_mguard_4305fl_mguard_pci4000_firmwaretc_mguard_rs2000_3g_vpn_firmwaretc_mguard_rs4000_4g_vpn_firmwarefl_mguard_core_tx_firmwaretc_mguard_rs4000_4g_att_vpn_firmwarefl_mguard_gt\/gt_vpnfl_mguard_centerport_vpn-1000fl_mguard_pcie4000_vpnfl_mguard_2102_firmwarefl_mguard_centerport_vpn-1000_firmwarefl_mguard_rs2000_tx\/tx_vpntc_mguard_rs2000_4g_vpn_firmwarefl_mguard_rs4000_tx\/tx-m_firmwarefl_mguard_smart2_vpnfl_mguard_smart2fl_mguard_rs2005_tx_vpn_firmwaretc_mguard_rs2000_4g_att_vpnfl_mguard_smart2_vpn_firmwarefl_mguard_rs4000_tx\/tx-mfl_mguard_smart2_firmwarefl_mguard_delta_tx\/tx_firmwarefl_mguard_pci4000fl_mguard_pci4000_vpn_firmwarefl_mguard_delta_tx\/tx_vpntc_mguard_rs4000_4g_vzw_vpnfl_mguard_rs4000_tx\/tx_vpntc_mguard_rs2000_4g_vzw_vpn_firmwarefl_mguard_rs4004_tx\/dtx_vpnfl_mguard_gt\/gtfl_mguard_4102_pciefl_mguard_core_txtc_mguard_rs4000_3g_vpnfl_mguard_rs4000_tx\/tx-p_firmwarefl_mguard_pci4000_vpnFL MGUARD 4102 PCIETC MGUARD RS4000 4G VPNFL MGUARD RS2000 TX/TX VPNTC MGUARD RS2000 4G ATT VPNFL MGUARD 4305FL MGUARD RS4004 TX/DTXTC MGUARD RS2000 3G VPNTC MGUARD RS4000 4G VZW VPNFL MGUARD DELTA TX/TXFL MGUARD PCIE4000FL MGUARD SMART2 VPNFL MGUARD CORE TXFL MGUARD RS4000 TX/TXFL MGUARD RS4000 TX/TX-PFL MGUARD RS2000 TX/TX-BFL MGUARD 2102FL MGUARD RS2005 TX VPNFL MGUARD PCIE4000 VPNFL MGUARD 4102 PCIFL MGUARD CENTERPORT VPN-1000FL MGUARD DELTA TX/TX VPNFL MGUARD RS4000 TX/TX VPNFL MGUARD RS4004 TX/DTX VPNFL MGUARD PCI4000 VPNFL MGUARD GT/GTFL MGUARD 2105TC MGUARD RS4000 3G VPNFL MGUARD CORE TX VPNTC MGUARD RS4000 4G ATT VPNFL MGUARD RS4000 TX/TX-MFL MGUARD 4302FL MGUARD SMART2FL MGUARD GT/GT VPNFL MGUARD PCI4000TC MGUARD RS2000 4G VPNTC MGUARD RS2000 4G VZW VPNfl_mguard_smart2_vpn_firmwaretc_mguard_rs4000_4g_vzw_vpn_firmwarefl_mguard_4305_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-25269
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.4||HIGH
EPSS-0.24% / 15.02%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:00
Updated-11 Jul, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation via Unauthenticated Command Injection

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-10730
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-4.62% / 90.57%
||
7 Day CHG~0.00%
Published-17 May, 2018 | 19:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.

Action-Not Available
Vendor-n/aPhoenix Contact GmbH & Co. KG
Product-fl_switch_4808e-16fx_sm-4gcfl_switch_3004t-fx_st_firmwarefl_switch_4808e-16fx_lc-4gcfl_switch_3006t-2fx_sm_firmwarefl_switch_4008t-2gt-4fx_smfl_switch_3016_firmwarefl_switch_3016tfl_switch_4008t-2gt-3fx_sm_firmwarefl_switch_4808e-16fx_sm_st-4gcfl_switch_3004t-fx_stfl_switch_3016fl_switch_4808e-16fx-4gc_firmwarefl_switch_3005tfl_switch_4808e-16fx-4gcfl_switch_4012t-2gt-2fx_stfl_switch_3012e-2sfx_firmwarefl_switch_3004t-fxfl_switch_4824e-4gcfl_switch_3005t_firmwarefl_switch_3008t_firmwarefl_switch_4824e-4gc_firmwarefl_switch_4808e-16fx_st-4gc_firmwarefl_switch_4008t-2sfpfl_switch_3008fl_switch_4012t_2gt_2fxfl_switch_3012e-2fx_sm_firmwarefl_switch_3004t-fx_firmwarefl_switch_3006t-2fx_stfl_switch_4808e-16fx_sm_lc-4gc_firmwarefl_switch_3006t-2fx_st_firmwarefl_switch_3006t-2fx_firmwarefl_switch_4008t-2gt-3fx_smfl_switch_4800e-24fx_sm-4gcfl_switch_4800e-24fx_sm-4gc_firmwarefl_switch_4808e-16fx_sm_st-4gc_firmwarefl_switch_4008t-2gt-4fx_sm_firmwarefl_switch_4012t_2gt_2fx_firmwarefl_switch_4808e-16fx_lc-4gc_firmwarefl_switch_3016t_firmwarefl_switch_3016efl_switch_3006t-2fxfl_switch_3008_firmwarefl_switch_3012e-2sfxfl_switch_4000t-8poe-2sfp-rfl_switch_4008t-2sfp_firmwarefl_switch_4012t-2gt-2fx_st_firmwarefl_switch_3005fl_switch_4808e-16fx_st-4gcfl_switch_4808e-16fx_sm_lc-4gcfl_switch_4800e-24fx-4gcfl_switch_4808e-16fx_sm-4gc_firmwarefl_switch_4000t-8poe-2sfp-r_firmwarefl_switch_3016e_firmwarefl_switch_3008tfl_switch_3006t-2fx_smfl_switch_4800e-24fx-4gc_firmwarefl_switch_3012e-2fx_smfl_switch_3005_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-9436
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.61% / 83.51%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 13:22
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.

Action-Not Available
Vendor-n/aPhoenix Contact GmbH & Co. KG
Product-tc_router_3002t-4g_vzw_firmwaretc_router_3002t-4gtc_router_3002t-4g_vzwtc_router_2002t-3g_firmwaretc_cloud_client_1002-4g_firmwaretc_router_3002t-4g_atttc_router_2002t-3gtc_router_3002t-4g_att_firmwaretc_cloud_client_1002-txtxtc_cloud_client_1002-4gtc_cloud_client_1002-txtx_firmwaretc_router_3002t-4g_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-43385
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.74% / 50.15%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:43
Updated-27 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact: OS command execution through PROXY_HTTP_PORT in mGuard devices

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_mguard_2105_firmwaretc_mguard_rs2000_4g_vpnfl_mguard_2102fl_mguard_4102_pci_firmwarefl_mguard_4302_firmwarefl_mguard_pcie4000_vpn_firmwarefl_mguard_rs2000_tx\/tx-b_firmwarefl_mguard_4102_pcie_firmwarefl_mguard_rs4000_tx\/txfl_mguard_pcie4000_firmwarefl_mguard_4305_firmwarefl_mguard_rs4000_tx\/tx_firmwaretc_mguard_rs4000_3g_vpn_firmwarefl_mguard_rs4004_tx\/dtx_vpn_firmwarefl_mguard_rs4004_tx\/dtx_firmwarefl_mguard_pcie4000tc_mguard_rs4000_4g_vzw_vpn_firmwarefl_mguard_core_tx_vpntc_mguard_rs2000_4g_att_vpn_firmwarefl_mguard_delta_tx\/txfl_mguard_4302fl_mguard_rs4000_tx\/tx_vpn_firmwarefl_mguard_rs2000_tx\/tx_vpn_firmwarefl_mguard_rs2000_tx\/tx-btc_mguard_rs4000_4g_att_vpntc_mguard_rs2000_3g_vpnfl_mguard_rs2005_tx_vpntc_mguard_rs4000_4g_vpnfl_mguard_4102_pcifl_mguard_gt\/gt_firmwarefl_mguard_gt\/gt_vpn_firmwarefl_mguard_core_tx_vpn_firmwaretc_mguard_rs2000_4g_vzw_vpnfl_mguard_rs4004_tx\/dtxfl_mguard_delta_tx\/tx_vpn_firmwarefl_mguard_rs4000_tx\/tx-pfl_mguard_2105fl_mguard_4305fl_mguard_pci4000_firmwaretc_mguard_rs2000_3g_vpn_firmwaretc_mguard_rs4000_4g_vpn_firmwarefl_mguard_core_tx_firmwaretc_mguard_rs4000_4g_att_vpn_firmwarefl_mguard_gt\/gt_vpnfl_mguard_centerport_vpn-1000fl_mguard_pcie4000_vpnfl_mguard_2102_firmwarefl_mguard_centerport_vpn-1000_firmwarefl_mguard_rs2000_tx\/tx_vpntc_mguard_rs2000_4g_vpn_firmwarefl_mguard_rs4000_tx\/tx-m_firmwarefl_mguard_smart2_vpnfl_mguard_smart2fl_mguard_rs2005_tx_vpn_firmwaretc_mguard_rs2000_4g_att_vpnfl_mguard_smart2_vpn_firmwarefl_mguard_rs4000_tx\/tx-mfl_mguard_smart2_firmwarefl_mguard_delta_tx\/tx_firmwarefl_mguard_pci4000fl_mguard_pci4000_vpn_firmwarefl_mguard_delta_tx\/tx_vpntc_mguard_rs4000_4g_vzw_vpnfl_mguard_rs4000_tx\/tx_vpntc_mguard_rs2000_4g_vzw_vpn_firmwarefl_mguard_rs4004_tx\/dtx_vpnfl_mguard_gt\/gtfl_mguard_4102_pciefl_mguard_core_txtc_mguard_rs4000_3g_vpnfl_mguard_rs4000_tx\/tx-p_firmwarefl_mguard_pci4000_vpnFL MGUARD 4102 PCIETC MGUARD RS4000 4G VPNFL MGUARD RS2000 TX/TX VPNTC MGUARD RS2000 4G ATT VPNFL MGUARD 4305FL MGUARD RS4004 TX/DTXTC MGUARD RS2000 3G VPNTC MGUARD RS4000 4G VZW VPNFL MGUARD DELTA TX/TXFL MGUARD PCIE4000FL MGUARD SMART2 VPNFL MGUARD CORE TXFL MGUARD RS4000 TX/TXFL MGUARD RS4000 TX/TX-PFL MGUARD RS2000 TX/TX-BFL MGUARD 2102FL MGUARD RS2005 TX VPNFL MGUARD PCIE4000 VPNFL MGUARD 4102 PCIFL MGUARD CENTERPORT VPN-1000FL MGUARD DELTA TX/TX VPNFL MGUARD RS4000 TX/TX VPNFL MGUARD RS4004 TX/DTX VPNFL MGUARD PCI4000 VPNFL MGUARD GT/GTFL MGUARD 2105TC MGUARD RS4000 3G VPNFL MGUARD CORE TX VPNTC MGUARD RS4000 4G ATT VPNFL MGUARD RS4000 TX/TX-MFL MGUARD 4302FL MGUARD SMART2FL MGUARD GT/GT VPNFL MGUARD PCI4000TC MGUARD RS2000 4G VPNTC MGUARD RS2000 4G VZW VPNfl_mguard_smart2_vpn_firmwaretc_mguard_rs4000_4g_vzw_vpn_firmwarefl_mguard_4305_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-43386
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.74% / 50.15%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:43
Updated-27 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in mGuard devices.

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_mguard_2105_firmwaretc_mguard_rs2000_4g_vpnfl_mguard_2102fl_mguard_4102_pci_firmwarefl_mguard_4302_firmwarefl_mguard_pcie4000_vpn_firmwarefl_mguard_rs2000_tx\/tx-b_firmwarefl_mguard_4102_pcie_firmwarefl_mguard_rs4000_tx\/txfl_mguard_pcie4000_firmwarefl_mguard_4305_firmwarefl_mguard_rs4000_tx\/tx_firmwaretc_mguard_rs4000_3g_vpn_firmwarefl_mguard_rs4004_tx\/dtx_vpn_firmwarefl_mguard_rs4004_tx\/dtx_firmwarefl_mguard_pcie4000tc_mguard_rs4000_4g_vzw_vpn_firmwarefl_mguard_core_tx_vpntc_mguard_rs2000_4g_att_vpn_firmwarefl_mguard_delta_tx\/txfl_mguard_4302fl_mguard_rs4000_tx\/tx_vpn_firmwarefl_mguard_rs2000_tx\/tx_vpn_firmwarefl_mguard_rs2000_tx\/tx-btc_mguard_rs4000_4g_att_vpntc_mguard_rs2000_3g_vpnfl_mguard_rs2005_tx_vpntc_mguard_rs4000_4g_vpnfl_mguard_4102_pcifl_mguard_gt\/gt_firmwarefl_mguard_gt\/gt_vpn_firmwarefl_mguard_core_tx_vpn_firmwaretc_mguard_rs2000_4g_vzw_vpnfl_mguard_rs4004_tx\/dtxfl_mguard_delta_tx\/tx_vpn_firmwarefl_mguard_rs4000_tx\/tx-pfl_mguard_2105fl_mguard_4305fl_mguard_pci4000_firmwaretc_mguard_rs2000_3g_vpn_firmwaretc_mguard_rs4000_4g_vpn_firmwarefl_mguard_core_tx_firmwaretc_mguard_rs4000_4g_att_vpn_firmwarefl_mguard_gt\/gt_vpnfl_mguard_centerport_vpn-1000fl_mguard_pcie4000_vpnfl_mguard_2102_firmwarefl_mguard_centerport_vpn-1000_firmwarefl_mguard_rs2000_tx\/tx_vpntc_mguard_rs2000_4g_vpn_firmwarefl_mguard_rs4000_tx\/tx-m_firmwarefl_mguard_smart2_vpnfl_mguard_smart2fl_mguard_rs2005_tx_vpn_firmwaretc_mguard_rs2000_4g_att_vpnfl_mguard_smart2_vpn_firmwarefl_mguard_rs4000_tx\/tx-mfl_mguard_smart2_firmwarefl_mguard_delta_tx\/tx_firmwarefl_mguard_pci4000fl_mguard_pci4000_vpn_firmwarefl_mguard_delta_tx\/tx_vpntc_mguard_rs4000_4g_vzw_vpnfl_mguard_rs4000_tx\/tx_vpntc_mguard_rs2000_4g_vzw_vpn_firmwarefl_mguard_rs4004_tx\/dtx_vpnfl_mguard_gt\/gtfl_mguard_4102_pciefl_mguard_core_txtc_mguard_rs4000_3g_vpnfl_mguard_rs4000_tx\/tx-p_firmwarefl_mguard_pci4000_vpnFL MGUARD 4102 PCIETC MGUARD RS4000 4G VPNFL MGUARD RS2000 TX/TX VPNTC MGUARD RS2000 4G ATT VPNFL MGUARD 4305FL MGUARD RS4004 TX/DTXTC MGUARD RS2000 3G VPNTC MGUARD RS4000 4G VZW VPNFL MGUARD DELTA TX/TXFL MGUARD PCIE4000FL MGUARD SMART2 VPNFL MGUARD CORE TXFL MGUARD RS4000 TX/TXFL MGUARD RS4000 TX/TX-PFL MGUARD RS2000 TX/TX-BFL MGUARD 2102FL MGUARD RS2005 TX VPNFL MGUARD PCIE4000 VPNFL MGUARD 4102 PCIFL MGUARD CENTERPORT VPN-1000FL MGUARD DELTA TX/TX VPNFL MGUARD RS4000 TX/TX VPNFL MGUARD RS4004 TX/DTX VPNFL MGUARD PCI4000 VPNFL MGUARD GT/GTFL MGUARD 2105TC MGUARD RS4000 3G VPNFL MGUARD CORE TX VPNTC MGUARD RS4000 4G ATT VPNFL MGUARD RS4000 TX/TX-MFL MGUARD 4302FL MGUARD SMART2FL MGUARD GT/GT VPNFL MGUARD PCI4000TC MGUARD RS2000 4G VPNTC MGUARD RS2000 4G VZW VPNfl_mguard_smart2_vpn_firmwaretc_mguard_rs4000_4g_vzw_vpn_firmwarefl_mguard_4305_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-43387
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.56% / 42.80%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:43
Updated-27 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact: Access files due to improper neutralization of special elements in MGUARD devices

A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_mguard_2105_firmwaretc_mguard_rs2000_4g_vpnfl_mguard_2102fl_mguard_4102_pci_firmwarefl_mguard_4302_firmwarefl_mguard_pcie4000_vpn_firmwarefl_mguard_rs2000_tx\/tx-b_firmwarefl_mguard_4102_pcie_firmwarefl_mguard_rs4000_tx\/txfl_mguard_pcie4000_firmwarefl_mguard_4305_firmwarefl_mguard_rs4000_tx\/tx_firmwaretc_mguard_rs4000_3g_vpn_firmwarefl_mguard_rs4004_tx\/dtx_vpn_firmwarefl_mguard_rs4004_tx\/dtx_firmwarefl_mguard_pcie4000tc_mguard_rs4000_4g_vzw_vpn_firmwarefl_mguard_core_tx_vpntc_mguard_rs2000_4g_att_vpn_firmwarefl_mguard_delta_tx\/txfl_mguard_4302fl_mguard_rs4000_tx\/tx_vpn_firmwarefl_mguard_rs2000_tx\/tx_vpn_firmwarefl_mguard_rs2000_tx\/tx-btc_mguard_rs4000_4g_att_vpntc_mguard_rs2000_3g_vpnfl_mguard_rs2005_tx_vpntc_mguard_rs4000_4g_vpnfl_mguard_4102_pcifl_mguard_gt\/gt_firmwarefl_mguard_gt\/gt_vpn_firmwarefl_mguard_core_tx_vpn_firmwaretc_mguard_rs2000_4g_vzw_vpnfl_mguard_rs4004_tx\/dtxfl_mguard_delta_tx\/tx_vpn_firmwarefl_mguard_rs4000_tx\/tx-pfl_mguard_2105fl_mguard_4305fl_mguard_pci4000_firmwaretc_mguard_rs2000_3g_vpn_firmwaretc_mguard_rs4000_4g_vpn_firmwarefl_mguard_core_tx_firmwaretc_mguard_rs4000_4g_att_vpn_firmwarefl_mguard_gt\/gt_vpnfl_mguard_centerport_vpn-1000fl_mguard_pcie4000_vpnfl_mguard_2102_firmwarefl_mguard_centerport_vpn-1000_firmwarefl_mguard_rs2000_tx\/tx_vpntc_mguard_rs2000_4g_vpn_firmwarefl_mguard_rs4000_tx\/tx-m_firmwarefl_mguard_smart2_vpnfl_mguard_smart2fl_mguard_rs2005_tx_vpn_firmwaretc_mguard_rs2000_4g_att_vpnfl_mguard_smart2_vpn_firmwarefl_mguard_rs4000_tx\/tx-mfl_mguard_smart2_firmwarefl_mguard_delta_tx\/tx_firmwarefl_mguard_pci4000fl_mguard_pci4000_vpn_firmwarefl_mguard_delta_tx\/tx_vpntc_mguard_rs4000_4g_vzw_vpnfl_mguard_rs4000_tx\/tx_vpntc_mguard_rs2000_4g_vzw_vpn_firmwarefl_mguard_rs4004_tx\/dtx_vpnfl_mguard_gt\/gtfl_mguard_4102_pciefl_mguard_core_txtc_mguard_rs4000_3g_vpnfl_mguard_rs4000_tx\/tx-p_firmwarefl_mguard_pci4000_vpnFL MGUARD 4102 PCIETC MGUARD RS4000 4G VPNFL MGUARD RS2000 TX/TX VPNTC MGUARD RS2000 4G ATT VPNFL MGUARD 4305FL MGUARD RS4004 TX/DTXTC MGUARD RS2000 3G VPNTC MGUARD RS4000 4G VZW VPNFL MGUARD DELTA TX/TXFL MGUARD PCIE4000FL MGUARD SMART2 VPNFL MGUARD CORE TXFL MGUARD RS4000 TX/TXFL MGUARD RS4000 TX/TX-PFL MGUARD RS2000 TX/TX-BFL MGUARD 2102FL MGUARD RS2005 TX VPNFL MGUARD PCIE4000 VPNFL MGUARD 4102 PCIFL MGUARD CENTERPORT VPN-1000FL MGUARD DELTA TX/TX VPNFL MGUARD RS4000 TX/TX VPNFL MGUARD RS4004 TX/DTX VPNFL MGUARD PCI4000 VPNFL MGUARD GT/GTFL MGUARD 2105TC MGUARD RS4000 3G VPNFL MGUARD CORE TX VPNTC MGUARD RS4000 4G ATT VPNFL MGUARD RS4000 TX/TX-MFL MGUARD 4302FL MGUARD SMART2FL MGUARD GT/GT VPNFL MGUARD PCI4000TC MGUARD RS2000 4G VPNTC MGUARD RS2000 4G VZW VPNfl_mguard_smart2_vpn_firmwaretc_mguard_rs4000_4g_vzw_vpn_firmwarefl_mguard_4305_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-37863
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.69% / 48.40%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 06:36
Updated-10 Oct, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-wp_6185-whpswp_6121-wxps_firmwarewp_6070-wvpswp_6156-whps_firmwarewp_6185-whps_firmwarewp_6101-wxpswp_6121-wxpswp_6156-whpswp_6215-whpswp_6215-whps_firmwarewp_6070-wvps_firmwarewp_6101-wxps_firmwareWP 6101-WXPSWP 6156-WHPSWP 6070-WVPSWP 6185-WHPSWP 6215-WHPSWP 6121-WXPSwp_6121-wxps_firmwarewp_6156-whps_firmwarewp_6185-whps_firmwarewp_6215-whps_firmwarewp_6070-wvps_firmwarewp_6101-wxps_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-37861
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.91% / 55.60%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 06:34
Updated-10 Oct, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-wp_6185-whpswp_6121-wxps_firmwarewp_6070-wvpswp_6156-whps_firmwarewp_6185-whps_firmwarewp_6101-wxpswp_6121-wxpswp_6156-whpswp_6215-whpswp_6215-whps_firmwarewp_6070-wvps_firmwarewp_6101-wxps_firmwareWP 6101-WXPSWP 6156-WHPSWP 6070-WVPSWP 6185-WHPSWP 6215-WHPSWP 6121-WXPSwp_6185-whpswp_6070-wvpswp_6215-whpswp_6156-whpswp_6101-wxpswp_6121-wxps
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-3571
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.45% / 35.69%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 06:52
Updated-04 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-wp_6185-whpswp_6121-wxps_firmwarewp_6070-wvpswp_6156-whps_firmwarewp_6185-whps_firmwarewp_6101-wxpswp_6121-wxpswp_6156-whpswp_6215-whpswp_6215-whps_firmwarewp_6070-wvps_firmwarewp_6101-wxps_firmwareWP 6101-WXPSWP 6156-WHPSWP 6070-WVPSWP 6185-WHPSWP 6215-WHPSWP 6121-WXPSwp_6121-wxps_firmwarewp_6156-whps_firmwarewp_6185-whps_firmwarewp_6215-whps_firmwarewp_6070-wvps_firmwarewp_6101-wxps_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-3573
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.95% / 56.88%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 06:51
Updated-15 Oct, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: Command Injection in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-wp_6185-whpswp_6121-wxps_firmwarewp_6070-wvpswp_6156-whps_firmwarewp_6185-whps_firmwarewp_6101-wxpswp_6121-wxpswp_6156-whpswp_6215-whpswp_6215-whps_firmwarewp_6070-wvps_firmwarewp_6101-wxps_firmwareWP 6101-WXPSWP 6156-WHPSWP 6070-WVPSWP 6185-WHPSWP 6215-WHPSWP 6121-WXPSwp_6185-whpswp_6070-wvpswp_6215-whpswp_6156-whpswp_6101-wxpswp_6121-wxps
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-3570
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.92% / 56.10%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 06:52
Updated-15 Oct, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-wp_6185-whpswp_6121-wxps_firmwarewp_6070-wvpswp_6156-whps_firmwarewp_6185-whps_firmwarewp_6101-wxpswp_6121-wxpswp_6156-whpswp_6215-whpswp_6215-whps_firmwarewp_6070-wvps_firmwarewp_6101-wxps_firmwareWP 6101-WXPSWP 6156-WHPSWP 6070-WVPSWP 6185-WHPSWP 6215-WHPSWP 6121-WXPSwp_6185-whpswp_6070-wvpswp_6215-whpswp_6156-whpswp_6101-wxpswp_6121-wxps
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-2131
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-1.73% / 74.78%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 20:40
Updated-16 Jan, 2025 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-2131

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-ineaINEA
Product-me_rtume_rtu_firmwareME RTU
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7591
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-10||CRITICAL
EPSS-44.07% / 98.60%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 17:16
Updated-18 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above

Action-Not Available
Vendor-KempProgress Software Corporation
Product-multi-tenant_hypervisor_firmwareloadmasterLoadMasterloadmaster_mtloadmaster
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-58338
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.72% / 49.34%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-05 Mar, 2026 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Anevia Flamingo XL 3.2.9 Remote Root Jailbreak via Traceroute Command

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.

Action-Not Available
Vendor-atemeAteme
Product-flamingo_xlflamingo_xl_firmwareFlamingo XL
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-1884
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-10||CRITICAL
EPSS-1.77% / 75.50%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 10:53
Updated-19 Nov, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Command Execution in gogs/gogs

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.

Action-Not Available
Vendor-gogsgogsgogsMicrosoft Corporation
Product-windowsgogsgogs/gogsgogs
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-54469
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 34.56%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 09:41
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer container stops, the monitor process checks whether the consul subprocess has exited. To perform this check, the monitor process uses the popen function to execute a shell command that determines whether the ports used by the consul subprocess are still active. The values of environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT are used directly to compose shell commands via popen without validation or sanitization. This behavior could allow a malicious user to inject malicious commands through these variables within the enforcer container.

Action-Not Available
Vendor-SUSE
Product-neuvector
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-52034
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-1.70% / 74.38%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 22:15
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO OS Command Injection

An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.

Action-Not Available
Vendor-mySCADAmyscada
Product-myPRO RuntimemyPRO Managermypro_managermypro_runtime
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20036
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.9||CRITICAL
EPSS-12.72% / 95.78%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:21
Updated-11 Aug, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Industrial Network Director Command Injection Vulnerability

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An attacker could exploit this vulnerability by altering the request that is&nbsp;sent when uploading a Device Pack. A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-industrial_network_directorCisco Industrial Network Directorindustrial_network_director
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-27130
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.98% / 58.07%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 20:58
Updated-19 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dokploy has Command Injection in its Service Operations

Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application names are passed through inadequate sanitization (cleanAppName function only replaces spaces and converts to lowercase) before being interpolated directly into shell commands executed via execAsync() and execAsyncRemote(). An authenticated attacker can inject shell metacharacters (e.g., ;, $(), backticks, |, &) in the appName field during application creation, which are then executed with server-level privileges when service operations (start, stop, remove, scale) are triggered. This issue has been resolved in version 0.26.7.

Action-Not Available
Vendor-Dokploy
Product-dokploy
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33204
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-4.22% / 89.79%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:33
Updated-15 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33195
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-3.24% / 86.79%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:33
Updated-15 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `WL_DefaultKeyID` in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occuring at offset `0x1c7fac`.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33192
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-3.24% / 86.79%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:33
Updated-15 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the `WL_SSID` and `WL_SSID_HEX` configuration values in the function at offset `0x1c7d28` of firmware 6.9Z.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33207
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-4.22% / 89.79%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:33
Updated-15 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on a second unsafe use of the `default_key_id` HTTP parameter to construct an OS Command at offset `0x19B234` of the `/root/hpgw` binary included in firmware 6.9Z.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33194
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-3.07% / 86.06%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:33
Updated-15 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `WL_Key` and `WL_DefaultKeyID` configuration values in the function located at offset `0x1c7d28` of firmware 6.9Z , and even more specifically on the command execution occuring at offset `0x1c7f6c`.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-5243
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-10||CRITICAL
EPSS-1.54% / 71.80%
||
7 Day CHG~0.00%
Published-24 Jul, 2025 | 12:45
Updated-05 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Upload in SMG Software's Information Portal

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025.

Action-Not Available
Vendor-SMG Software
Product-Information Portal
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33206
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-4.18% / 89.70%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:33
Updated-15 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `key` and `default_key_id` HTTP parameters to construct an OS Command crafted at offset `0x19b1f4` of the `/root/hpgw` binary included in firmware 6.9Z.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33193
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-3.07% / 86.06%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:33
Updated-15 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33205
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-4.18% / 89.70%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:33
Updated-15 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `wpapsk_hex` HTTP parameter to construct an OS Command at offset `0x19b0ac` of the `/root/hpgw` binary included in firmware 6.9Z.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-31137
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-90.39% / 99.79%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 00:00
Updated-22 Apr, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Remote Code Execution in Roxy-WI

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-roxy-wihap-wi
Product-roxy-wiroxy-wi
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-9645
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.32% / 23.40%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 20:30
Updated-01 Jun, 2026 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ScadaBR Authenticated Remote Code Execution

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root.

Action-Not Available
Vendor-ScadaBR
Product-ScadaBR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-56274
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.68% / 84.01%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 12:13
Updated-25 Jun, 2026 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions for chatflows, can configure a malicious MCP server to bypass the validateCommandFlags blocklist (for example, 'docker build' is not blocked, and 'npx --yes' is not blocked while only '-y' is) and the validateArgsForLocalFileAccess checks, resulting in execution of arbitrary commands on the Flowise host.

Action-Not Available
Vendor-flowiseaiFlowise
Product-flowiseFlowise ComponentsFlowise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-56413
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-3.08% / 86.09%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:50
Updated-01 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.

Action-Not Available
Vendor-StoneFly
Product-Storage Concentrator Virtual MachineStorage Concentrator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-56415
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-3.07% / 86.06%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:40
Updated-01 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system.

Action-Not Available
Vendor-Stonefly
Product-Storage Concentrator Virtual MachineStorage Concentrator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-56004
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-10||CRITICAL
EPSS-0.38% / 29.49%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 14:54
Updated-02 Jul, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
obs-service-tar_scm: command injection via mercurial handler

A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services

Action-Not Available
Vendor-openSUSE
Product-buildservice
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-24796
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-3.52% / 87.80%
||
7 Day CHG~0.00%
Published-31 Mar, 2022 | 22:40
Updated-23 Apr, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Command Injection in RaspberryMatic

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input validation/sanitization in the file upload mechanism allows remote, unauthenticated attackers with network access to the WebUI interface to achieve arbitrary operating system command execution via shell metacharacters in the HTTP query string. Injected commands are executed as root, thus leading to a full compromise of the underlying system and all its components. Versions after `2.31.25.20180428` and prior to `3.63.8.20220330` are affected. Users are advised to update to version `3.63.8.20220330` or newer. There are currently no known workarounds to mitigate the security impact and users are advised to update to the latest version available.

Action-Not Available
Vendor-raspberrymaticjens-maus
Product-raspberrymaticRaspberryMatic
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-51568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-45.68% / 98.65%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 00:00
Updated-07 Jul, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.

Action-Not Available
Vendor-n/acyber_panelCyberPersons LLC
Product-cyberpaneln/acyber_panel
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-24803
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-2.72% / 84.24%
||
7 Day CHG~0.00%
Published-31 Mar, 2022 | 23:30
Updated-22 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection vulnerability in asciidoctor-include-ext

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.

Action-Not Available
Vendor-asciidoctor-include-ext_projectjirutka
Product-asciidoctor-include-extasciidoctor-include-ext
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-54636
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9||CRITICAL
EPSS-0.27% / 19.20%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 16:23
Updated-29 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dokku: OS Command Injection via app.json managed Cron

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and execute commands on the host as the Dokku user. This vulnerability is fixed in 0.38.7.

Action-Not Available
Vendor-dokkudokku
Product-dokkudokku
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-20424
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.94% / 56.63%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:46
Updated-01 Nov, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Centerfirepower_management_center
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-3499
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
ShareView Details
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
CVSS Score-10||CRITICAL
EPSS-1.03% / 59.46%
||
7 Day CHG~0.00%
Published-09 Jul, 2025 | 08:57
Updated-10 Jul, 2025 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector

The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system.

Action-Not Available
Vendor-Radiflow
Product-iSAP Smart Collector
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-30861
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-2.05% / 78.96%
||
7 Day CHG~0.00%
Published-07 Mar, 2026 | 16:38
Updated-09 Mar, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (npx, uvx) and blacklists for dangerous arguments and environment variables, the validation can be bypassed using the -p flag with npx node. This allows any attacker to execute arbitrary commands with the application's privileges, leading to complete system compromise. This issue has been patched in version 0.2.10.

Action-Not Available
Vendor-tencentTencent
Product-weknoraWeKnora
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-49869
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.68% / 48.05%
||
7 Day CHG-0.01%
Published-26 Jun, 2026 | 20:58
Updated-01 Jul, 2026 | 12:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("/configs") to whitelist the public configuration endpoint from Basic Auth. Because the check is a suffix match rather than an exact path match, any API path whose last segment is configs bypasses authentication entirely. An unauthenticated remote attacker can exploit this to create and execute arbitrary workflows without credentials. Because Kestra ships with script execution plugins (plugin-script-shell, plugin-script-python, etc.) enabled by default, this directly results in unauthenticated Remote Code Execution as root inside the Kestra worker container. This vulnerability is fixed in 1.0.45 and 1.3.21.

Action-Not Available
Vendor-kestrakestra-io
Product-kestrakestra
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-2185
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-9.9||CRITICAL
EPSS-76.88% / 99.49%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 15:50
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-49261
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-1.00% / 58.49%
||
7 Day CHG+0.55%
Published-11 Jun, 2026 | 17:13
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node. This is fixed in 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2. As a workaround, anyone who cannot upgrade now should disable `wsrep_notify_cmd`.

Action-Not Available
Vendor-Red Hat, Inc.MariaDB Foundation
Product-mariadbserverRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Hardened Images
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-2234
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.9||CRITICAL
EPSS-41.47% / 98.50%
||
7 Day CHG~0.00%
Published-24 Aug, 2022 | 15:15
Updated-16 Apr, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO Command Injection

An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.

Action-Not Available
Vendor-myscadamySCADA Technologies
Product-mypromySCADA myPRO
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20708
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-14.86% / 96.29%
||
7 Day CHG+0.90%
Published-10 Feb, 2022 | 17:06
Updated-28 Oct, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340w_firmwarerv340wrv340_firmwarerv345p_firmwarerv340rv345rv345_firmwarerv345pCisco Small Business RV Series Router FirmwareSmall Business RV160, RV260, RV340, and RV345 Series Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-46716
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.34% / 25.88%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:00
Updated-15 Jun, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers=[] and an arbitrary Command. At every tick of the scheduler, the dashboard pushes that command to every server in the global ServerShared map — including servers that belong to other tenants (admin's servers, other members' servers). Each agent runs the command and returns the output, which is then sent to the attacker's own NotificationGroup → attacker-controlled webhook. This issue has been patched in version 2.0.8.

Action-Not Available
Vendor-nezhahq
Product-nezha
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-862
Missing Authorization
CVE-2026-46624
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.48% / 38.15%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:01
Updated-26 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Twenty: SQL Injection via the timeZone field

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the database server by injecting SQL through the unsanitized timeZone parameter in the REST API groupBy endpoint. The timeZone field within the group_by query parameter is directly interpolated into a raw SQL expression using JavaScript template literals without any parameterization, validation, or escaping. This affects engine/api/graphql/graphql-query-runner/group-by/resolvers/utils/get-group-by-expression.util.ts.

Action-Not Available
Vendor-twentyhq
Product-twenty
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-20827
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9||CRITICAL
EPSS-1.66% / 73.87%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 08:12
Updated-01 Nov, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv160w_firmwarerv160_firmwarerv260w_firmwarerv345p_firmwarerv340w_firmwarerv160wrv260rv260wrv340wrv260prv345_firmwarerv340rv260p_firmwarerv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found