Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-13129

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-03 Jan, 2025 | 21:31
Updated At-28 Aug, 2025 | 14:41
Rejected At-
Credits

Roxy-WI roxy.py action_service os command injection

A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:03 Jan, 2025 | 21:31
Updated At:28 Aug, 2025 | 14:41
Rejected At:
▼CVE Numbering Authority (CNA)
Roxy-WI roxy.py action_service os command injection

A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component.

Affected Products
Vendor
n/a
Product
Roxy-WI
Versions
Affected
  • 8.1.0
  • 8.1.1
  • 8.1.2
  • 8.1.3
Problem Types
TypeCWE IDDescription
CWECWE-78OS Command Injection
CWECWE-77Command Injection
Type: CWE
CWE ID: CWE-78
Description: OS Command Injection
Type: CWE
CWE ID: CWE-77
Description: Command Injection
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.09.0N/A
AV:N/AC:L/Au:S/C:C/I:C/A:C
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 2.0
Base score: 9.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
slash0x99 (VulDB User)
Timeline
EventDate
Advisory disclosed2025-01-03 00:00:00
VulDB entry created2025-01-03 01:00:00
VulDB entry last update2025-01-03 15:58:41
Event: Advisory disclosed
Date: 2025-01-03 00:00:00
Event: VulDB entry created
Date: 2025-01-03 01:00:00
Event: VulDB entry last update
Date: 2025-01-03 15:58:41
Replaced By

Rejected Reason

References
HyperlinkResource
https://vuldb.com/?id.290149
vdb-entry
technical-description
https://vuldb.com/?ctiid.290149
signature
permissions-required
https://vuldb.com/?submit.468530
third-party-advisory
https://github.com/roxy-wi/roxy-wi/pull/410
issue-tracking
https://github.com/roxy-wi/roxy-wi/pull/410#issuecomment-2561289700
issue-tracking
https://github.com/0xs1ash/Exploits/tree/main/CVE-EXPLOIT
exploit
https://github.com/roxy-wi/roxy-wi/pull/410/commits/32313928eb9ce906887b8a30bf7b9a3d5c0de1be
issue-tracking
patch
https://github.com/roxy-wi/roxy-wi/releases/tag/v8.1.4
patch
Hyperlink: https://vuldb.com/?id.290149
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.290149
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.468530
Resource:
third-party-advisory
Hyperlink: https://github.com/roxy-wi/roxy-wi/pull/410
Resource:
issue-tracking
Hyperlink: https://github.com/roxy-wi/roxy-wi/pull/410#issuecomment-2561289700
Resource:
issue-tracking
Hyperlink: https://github.com/0xs1ash/Exploits/tree/main/CVE-EXPLOIT
Resource:
exploit
Hyperlink: https://github.com/roxy-wi/roxy-wi/pull/410/commits/32313928eb9ce906887b8a30bf7b9a3d5c0de1be
Resource:
issue-tracking
patch
Hyperlink: https://github.com/roxy-wi/roxy-wi/releases/tag/v8.1.4
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:03 Jan, 2025 | 22:15
Updated At:15 Apr, 2026 | 00:35

A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-77Secondarycna@vuldb.com
CWE-78Secondarycna@vuldb.com
CWE ID: CWE-77
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-78
Type: Secondary
Source: cna@vuldb.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/0xs1ash/Exploits/tree/main/CVE-EXPLOITcna@vuldb.com
N/A
https://github.com/roxy-wi/roxy-wi/pull/410cna@vuldb.com
N/A
https://github.com/roxy-wi/roxy-wi/pull/410#issuecomment-2561289700cna@vuldb.com
N/A
https://github.com/roxy-wi/roxy-wi/pull/410/commits/32313928eb9ce906887b8a30bf7b9a3d5c0de1becna@vuldb.com
N/A
https://github.com/roxy-wi/roxy-wi/releases/tag/v8.1.4cna@vuldb.com
N/A
https://vuldb.com/?ctiid.290149cna@vuldb.com
N/A
https://vuldb.com/?id.290149cna@vuldb.com
N/A
https://vuldb.com/?submit.468530cna@vuldb.com
N/A
Hyperlink: https://github.com/0xs1ash/Exploits/tree/main/CVE-EXPLOIT
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/roxy-wi/roxy-wi/pull/410
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/roxy-wi/roxy-wi/pull/410#issuecomment-2561289700
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/roxy-wi/roxy-wi/pull/410/commits/32313928eb9ce906887b8a30bf7b9a3d5c0de1be
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/roxy-wi/roxy-wi/releases/tag/v8.1.4
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.290149
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.290149
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.468530
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2102Records found

CVE-2012-6605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-3.21% / 86.65%
||
7 Day CHG~0.00%
Published-31 Aug, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-14109
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
CVSS Score-7.2||HIGH
EPSS-2.17% / 80.04%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 11:55
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12

Action-Not Available
Vendor-n/aXiaomi
Product-ax3600_firmwareax3600Xiaomi Router AX3600
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-13782
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-27.06% / 97.80%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 16:23
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-6604
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-3.21% / 86.65%
||
7 Day CHG~0.00%
Published-31 Aug, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-13252
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.42% / 91.73%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 03:35
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page.

Action-Not Available
Vendor-n/aCENTREON
Product-centreonn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-13378
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.31% / 87.05%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.

Action-Not Available
Vendor-loadbalancern/a
Product-enterprise_va_maxn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-12078
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-10.00% / 95.04%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 13:26
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.

Action-Not Available
Vendor-opmantekn/a
Product-open-auditn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-12237
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.2||HIGH
EPSS-2.74% / 84.38%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 21:00
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.

Action-Not Available
Vendor-Symantec Corporation
Product-reporterSymantec Reporter
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-12109
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-74.34% / 99.43%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 15:06
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-nc200_firmwarenc220nc450_firmwarenc250_firmwarenc260nc260_firmwarenc250nc210nc210_firmwarenc200nc230nc450nc230_firmwarenc220_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-11766
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.85% / 76.49%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 19:27
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.

Action-Not Available
Vendor-avantfaxifaxn/a
Product-avantfaxhylafaxn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-11770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.60% / 72.83%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:47
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, R6220 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.66, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8900_firmwarer6220_firmwarer8000r6400_firmwarer6900pr7100lgr7900r8000pr6900p_firmwared6220r6800r7100lg_firmwarer7300dst_firmwarer8300r8500_firmwarer6260_firmwarer6260r7000_firmwarer6220r8000p_firmwared6400_firmwarexr500_firmwarer7300dstd6220_firmwared8500_firmwarer6250_firmwarer7900pxr500r7000p_firmwarer8500d7000r8900r9000_firmwared8500d7000_firmwarer6700r8300_firmwarer7000r6900d6400r7000pr9000r6900_firmwarer7800r7900_firmwarer7800_firmwarer6400r6700_firmwarer7900p_firmwarer6800_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-12111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.95% / 94.04%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 14:05
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-nc260_firmwarenc450_firmwarenc260nc450n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-11733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-1.56% / 72.19%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 13:59
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials.

Action-Not Available
Vendor-spirentn/a
Product-avalanchetestcenterc100-mpn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-11950
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.69% / 84.02%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 12:44
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.

Action-Not Available
Vendor-vivotekn/a
Product-ib8382-rt_firmwareib8379-hfd8177-ht_firmwarefe9582-ehnvfd9387-htvfe9180-hfd8167a-sib9388-htfd9367-ehtv_firmwareib9389-ht_firmwarefd9387-ehvib9381-\(e\)ht_firmwarefd9387-hvcd8371-hnvf2fd9388-htv_firmwareib836b-hf3fd9371-\(e\)htvsd9362-ehfd9381-\(e\)htv_firmwarefd8369a-v_firmwareip9191-hp_firmwarefd9165-ht-aib9367-htfd8379-hv_firmwaresd9366-ehfd9391-ehtvfd8167a-s_firmwarefd836b-htv_firmwarefd9365-ehtv_firmwaresd9363-ehl_firmwarefd9187-ht_firmwareit9389-hmd8563-dehfd9368-htv_firmwarefd9380-hfd9189-hm_firmwarefd9365-ehtv-a_firmwarefe9391-ev_firmwareib9365-htib8382-et_firmwarefd9189-hfd8177-hfd9365-htvl_firmwarefd9389-hmvfd9389-ehmv_firmwarefd816ca-hf2cc8160\(hs\)_firmwareib9381-\(e\)htfd9167-htfd9365-htv-a_firmwareib836ba-hf3_firmwareib8377-htfe9391-evfd9366-hv_firmwareib9391-eht_firmwaresd9364-ehib9389-ehm_firmwarefd9367-htv\(epoc\)ib9365-ht-a_firmwarefd8182-t_firmwarefd9171-htit9388-ht_firmwarefd9365-htv-afd8382-etv_firmwareip9165-lpcib9389-ehmmd8563-ehib9387-h_firmwarefd836b-htvib9387-eht-afd8377-htv_firmwaresd9362-eh-v2_firmwarefe9191ib8382-f3fd8182-f2ib9387-ht-a_firmwarevc8101_firmwarefd8369a-vit9360-h_firmwarefd9360-hfd8179-hib9387-ht-afd8382-tvip8160_firmwareip8160-wfd9187-ht-ama9321-ehtv_firmwarefd816ba-ht_firmwareib8360ib8360-wfd836ba-hvf2fe9382-ehv_firmwarevs8100-v2_firmwarefe9182-h_firmwaremd9560-dhib8382-ef3fd8182-f1fe9182-hfd9166-hn_firmwaremd9560-hib9389-hib9387-hib8360-w_firmwaremd9561-h_firmwarefd8166a-n_firmwarecd8371-hntv_firmwarecc9381-hv_firmwareib836ba-ht_firmwaresd9362-ehlmd9561-hfd9365-htvsd9363-ehl-v2_firmwarefd8377-ehtv_firmwaremd8564-ehfd9391-ehtv_firmwarefd9387-ehv_firmwareip9165-hpip8166fd9367-hv_firmwareib836ba-htcc8160_firmwareib836b-hf3_firmwarefd9389-hv_firmwarefd8382-vf2_firmwareip9167-hp_firmwarefd9187-hip9191-hpib8360_firmwaretb9330-eib8382-rf3fe9382-ehvfd836b-ehvf2_firmwareit9360-hip9167-hpfd9365-htvlib9371-\(e\)htib8382-ef3_firmwareib8369afd9367-hvib9367-h_firmwarefd9181-ht_firmwarefe9191_firmwareib836b-ehf3_firmwarecd8371-hntvib8382-rf3_firmwareip9164-lpc_firmwareib8377-hfd816b-hf2md8565-n_firmwareip9171-hp_firmwareib8369a_firmwarefd8179-h_firmwarefd9187-ht-a_firmwarecc9381-hvsd9364-ehl-v2_firmwareib9389-ehtfd816b-hf2_firmwareib9371-\(e\)ht_firmwareip9164-htit9389-ht_firmwareib8367acc8160\(hs\)fd8382-tv_firmwareip8160cc8371-hvsd9364-eh-v2ib9389-h_firmwaresd9362-eh_firmwarems9321-ehvib836b-htib836ba-ehf3_firmwarefd8382-evf2fd836ba-ehvf2fd816c-hf2_firmwarefd9389-ehmviz9361-eh_firmwareib9387-eht_firmwareib9387-ehtfd9389-ehvib9360-h_firmwarefd9365-htv_firmwaresd9365-ehl_firmwarefd8177-htib8382-f3_firmwaresd9374-ehl\(x\)ib9367-ht_firmwarefd9388-htvfd9167-h_firmwarevc8101ib8382-rtip9165-lpc_firmwareib836b-ht_firmwareib836b-eht_firmwaresd9366-eh_firmwareib9368-htfe9180-h_firmwarefd9181-htfd9389-htvib9389-eht_firmwaresd9364-eh-v2_firmwarefd836ba-hvf2_firmwarefd9371-\(e\)htv_firmwareib8377-ht_firmwarefd9165-htfd8182-f2_firmwareip9167-htfd9167-hfd8167afd836b-hvf2ip9164-ht_firmwareib9367-ehtfd9368-htvfe9381-ehvib9387-ht_firmwarefd9171-ht_firmwarefd9387-ehtvfd816ba-hf2fd8182-f1_firmwarems9321-ehv_firmwareit9380-hfd9387-htv-afd8367a-v_firmwarefd836ba-ehtvfd9189-h_firmwaresd9361-ehl_firmwarefd8382-vf2ip9172-lpc_firmwarems9390-hvib836b-ehtib9387-ehfd9360-h_firmwareip9181-h_firmwarefd836ba-htvfd9387-ehtv-acc8370-hvfd9380-h_firmwareib9365-eht_firmwareib836b-hrf3_firmwarefd9366-hvib8382-t_firmwaresd9366-eh-v2_firmwaremd9560-h_firmwaremd9560-dh_firmwarefd9166-hnsd9374-ehl\(x\)_firmwareib8367a_firmwarefd9387-htv_firmwarecc8371-hv_firmwarema9322-ehtv_firmwareib9365-eht-a_firmwarefd9187-h_firmwarefd816ca-hf2_firmwarefd9167-ht_firmwareip9181-hfd8382-evf2_firmwaremd8564-eh_firmwaremd9581-h_firmwareip9191-htsd9366-eh-v2ip9167-ht_firmwarefd8177-h_firmwarefd816b-ht_firmwarefd8366-vip9165-htib836b-ehf3fd8166a-nfe9181-h_firmwareib9389-ehib9367-eh_firmwarefd836b-ehtv_firmwarefd9387-ehtv_firmwaretb9331-efd816ba-htsd9365-ehlfe9181-hfd836ba-htv_firmwarefd9389-ehv_firmwaresd9361-ehlib836b-hrf3ib9365-ht_firmwareip9164-lpcfd9165-ht_firmwareib9367-ehsd9362-eh-v2ib9391-ehtib9367-hfd8377-ehtvit9380-h_firmwareib8377-eht_firmwarefd8169a_firmwareib836ba-hf3fe8182fd836ba-ehvf2_firmwarefe9380-hv_firmwarefd8166aip9165-hp_firmwarefd9367-ehtvib9389-hm_firmwareib8377-ehtib9365-eht-aib8382-etcc8370-hv_firmwareip9172-lpcfd8169a-s_firmwareib9387-htib9365-ht-aip9191-ht_firmwarefe9380-hvfe9582-ehnv_firmwarefd9367-htv\(epoc\)_firmwaresd9364-ehl_firmwarefe8182_firmwaremd8563-deh_firmwarema9322-ehtvtb9331-e_firmwareit9389-h_firmwarefd816c-hf2fd9165-ht-a_firmwareib9380-h_firmwaresd9363-ehl-v2ib9365-ehtfd9381-\(e\)htvmd8565-nib836ba-ehtfd9367-htv_firmwareip8160-w_firmwarefd9189-hmfd8377-hvib9389-eh_firmwareib836ba-eht_firmwareip9165-lpc\(i-cs_kit\)ib8382-tfd9389-ehtv_firmwarefd8169aib9368-ht_firmwarefd8167a_firmwaresd9364-ehlcd8371-hnvf2_firmwareit9389-htsd9364-ehl-v2fd836b-ehvf2fd9367-htvfd8366-v_firmwareib9388-ht_firmwareip8166_firmwareip9171-hpib8377-h_firmwarefd816ba-hf2_firmwarefd836b-hvf2_firmwarefd816b-htmd9581-hmd8563-eh_firmwarefd9387-ehtv-a_firmwaresd9366-ehlfd8166a_firmwareip9165-ht_firmwarefd8182-tfd9365-ehtvms9390-hv_firmwarefe9381-ehv_firmwareip9165-lpc\(i-cs_kit\)_firmwarefd8377-htvfd9389-ehtvfd9189-ht_firmwareib9387-eh_firmwareit9388-htib9360-hfd8367a-vcc8160vs8100-v2sd9161-hfd9187-htfd9389-hvfd8169a-ssd9362-ehl_firmwareib9380-htb9330-e_firmwarefd8382-etvma9321-ehtvsd9363-ehlsd9364-eh_firmwarefd836b-ehtvib9389-htib836ba-ehf3ib9389-hmib9387-eht-a_firmwareiz9361-ehsd9366-ehl_firmwarefd8379-hvfd8377-hv_firmwarefd9389-hmv_firmwarefd9387-htv-a_firmwareib9367-eht_firmwarefd836ba-ehtv_firmwarefd9389-htv_firmwareib8379-h_firmwarefd9189-htsd9161-h_firmwarefd9365-ehtv-afd9387-hv_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-11699
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-9.64% / 94.91%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 16:31
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.

Action-Not Available
Vendor-titanhqn/a
Product-spamtitann/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-2605
Matching Score-4
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-4
Assigner-Honeywell International Inc.
CVSS Score-9.9||CRITICAL
EPSS-10.17% / 95.10%
||
7 Day CHG+0.76%
Published-02 May, 2025 | 12:39
Updated-17 May, 2025 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated command injection

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product.

Action-Not Available
Vendor-Honeywell International Inc.
Product-mb-securemb-secure_pro_firmwaremb-secure_firmwaremb-secure_proMB-Secure
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-11016
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-2.33% / 81.50%
||
7 Day CHG~0.00%
Published-30 Apr, 2020 | 22:25
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution in Message sending functionality in IntelMQ Manager

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability.

Action-Not Available
Vendor-intelmq_manager_projectcerttools
Product-intelmq_managerIntelMQ Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-21898
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.86%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 16:26
Updated-11 Sep, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTSquts_heroqts
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10580
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.91% / 89.04%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 19:48
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.

Action-Not Available
Vendor-invigon/a
Product-automatic_device_managementn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-11490
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.93% / 77.50%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 13:07
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.

Action-Not Available
Vendor-zevenetn/a
Product-zen_load_balancern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-7096
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-4.08% / 89.46%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 06:45
Updated-30 Apr, 2026 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda HG3 formgponConf os command injection

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-hg3_firmwarehg3HG3
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34033
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-3.92% / 89.04%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 00:59
Updated-07 Apr, 2026 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
5VTechnologies Blue Angel Software Suite OS Command Injection

An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping_addr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can inject arbitrary commands by appending shell metacharacters to the ping_addr parameter in a crafted GET request to /cgi-bin/webctrl.cgi?action=pingtest_update. The command's output is reflected in the application's web interface, enabling attackers to view results directly. Default and backdoor credentials can be used to access the interface and exploit the issue. Successful exploitation results in arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

Action-Not Available
Vendor-5vtechnologies5VTechnologies
Product-blue_angel_software_suiteBlue Angel Software Suite
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-21410
Matching Score-4
Assigner-Axis Communications AB
ShareView Details
Matching Score-4
Assigner-Axis Communications AB
CVSS Score-7.2||HIGH
EPSS-0.75% / 50.42%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 06:51
Updated-08 Nov, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Non-sanitized user input could lead to arbitrary code execution in AXIS License Plate Verifier

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.

Action-Not Available
Vendor-axisAxis Communications AB
Product-license_plate_verifierAXIS License Plate Verifier
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10173
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-77.28% / 99.50%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 14:36
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.

Action-Not Available
Vendor-comtrendn/a
Product-vr-3033vr-3033_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10519
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
CVSS Score-8.8||HIGH
EPSS-2.99% / 85.70%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 03:25
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-githubGitHub Enterprise Server
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-10514
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.58% / 72.59%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 06:20
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iCatch DVR - Command Injection

iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command.

Action-Not Available
Vendor-icatchinciCatch Inc.
Product-dvr_firmwareDVR firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-8313
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-6.41% / 92.84%
||
7 Day CHG~0.00%
Published-13 Feb, 2019 | 03:00
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv6FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv6AddressRangeStart field.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-878dir-878_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.60% / 91.97%
||
7 Day CHG~0.00%
Published-07 Mar, 2020 | 00:29
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

Action-Not Available
Vendor-n/aTRENDnet, Inc.D-Link Corporation
Product-tew-632brpdir-825_firmwaredir-825tew-632brp_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.00% / 91.19%
||
7 Day CHG~0.00%
Published-07 Mar, 2020 | 00:29
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.

Action-Not Available
Vendor-n/aTRENDnet, Inc.D-Link Corporation
Product-tew-632brpdir-825_firmwaredir-825tew-632brp_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10221
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-36.75% / 98.31%
||
7 Day CHG~0.00%
Published-08 Mar, 2020 | 21:03
Updated-07 Nov, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.

Action-Not Available
Vendor-rconfign/arConfig
Product-rconfign/arConfig
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-9507
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-8.3||HIGH
EPSS-2.15% / 79.90%
||
7 Day CHG~0.00%
Published-30 Mar, 2020 | 20:50
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to arbitrary remote code execution

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.

Action-Not Available
Vendor-vertivVertiv
Product-avocent_umg-4000avocent_umg-4000_firmwareAvocent UMG-4000
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2012-3366
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9||HIGH
EPSS-3.82% / 88.78%
||
7 Day CHG~0.00%
Published-03 Jul, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

Action-Not Available
Vendor-anln/a
Product-bcfg2n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-9972
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.61% / 73.04%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:57
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.

Action-Not Available
Vendor-3cxn/aDebian GNU/Linux
Product-phone_systemphone_system_firmwaredebian_linuxn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-9859
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.00% / 85.73%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 12:34
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. This function comes from the PHP library directly and its description is as follows: "escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument." It means that if you give Username, it will have 'Username' as a replacement. This works well and protects users from exploiting this potentially dangerous exec function. Unfortunately, VestaCP uses this escapeshellarg function incorrectly in several places.

Action-Not Available
Vendor-vestacpn/a
Product-vesta_control_paneln/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-25274
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 25.82%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 08:24
Updated-27 Mar, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized Command Execution in Archived Channels

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-25220
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.01% / 58.94%
||
7 Day CHG~0.00%
Published-18 Mar, 2025 | 08:26
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker.

Action-Not Available
Vendor-FUJI SOFT INCORPORATED
Product-+F FS010M
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-8318
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-6.41% / 92.84%
||
7 Day CHG~0.00%
Published-13 Feb, 2019 | 03:00
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysEmailSettings API function, as demonstrated by shell metacharacters in the SMTPServerPort field.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-878dir-878_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-8159
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.27% / 86.89%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 00:01
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribitrary code through arbitrary file deletion and OS command injection.

Action-Not Available
Vendor-magentoAdobe Inc.
Product-magentoMagento 2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-9193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-91.88% / 99.80%
||
7 Day CHG~0.00%
Published-01 Apr, 2019 | 00:00
Updated-15 Nov, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development Group
Product-postgresqln/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-1212
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-4.33% / 90.02%
||
7 Day CHG~0.00%
Published-02 Jul, 2018 | 17:00
Updated-17 Sep, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated remote code execution in iDRAC 6

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.

Action-Not Available
Vendor-Dell Inc.
Product-idrac6_monolithicidrac6_modulariDRAC6 (Modular)iDRAC6 (Monolithic)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2012-3076
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9||HIGH
EPSS-2.17% / 80.02%
||
7 Day CHG~0.00%
Published-12 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_recording_servern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-8317
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-6.35% / 92.80%
||
7 Day CHG~0.00%
Published-13 Feb, 2019 | 03:00
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-878dir-878_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-8319
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.80% / 93.94%
||
7 Day CHG~0.00%
Published-13 Feb, 2019 | 03:00
Updated-16 Sep, 2024 | 23:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-878dir-878_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-12312
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.44% / 87.55%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.

Action-Not Available
Vendor-n/aASUSTOR Inc.
Product-as602tdata_mastern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-25217
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-2.38% / 81.87%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 16:59
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.

Action-Not Available
Vendor-grandstreamn/a
Product-grp2612wgrp2616grp2613_firmwaregrp2616_firmwaregrp2614grp2615grp2615_firmwaregrp2613grp2612w_firmwaregrp2614_firmwaregrp2612grp2612pgrp2612_firmwaregrp2612p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-7301
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-3.42% / 87.45%
||
7 Day CHG~0.00%
Published-01 Feb, 2019 | 09:00
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.

Action-Not Available
Vendor-zevenetn/a
Product-zen_load_balancern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-12307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.44% / 87.55%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.

Action-Not Available
Vendor-n/aASUSTOR Inc.
Product-as602tdata_mastern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-5446
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.2||HIGH
EPSS-2.66% / 83.87%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 19:47
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.

Action-Not Available
Vendor-n/aUbiquiti Inc.
Product-es-16-xges-24-250wes-48-liteedgeswitch_firmwarees-24-500wes-8-150wep-s16.es-16-150wes-24-litees-48-750wes-48-500wes-12fEdgeMAX
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-25039
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.7||MEDIUM
EPSS-0.62% / 45.53%
||
7 Day CHG+0.04%
Published-04 Feb, 2025 | 18:13
Updated-28 Mar, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerHPE Aruba Networking ClearPass Policy Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-6487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-8.52% / 94.38%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 10:00
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr3600_firmwaretl-wdr3500tl-wdr5620tl-wdr3500_firmwaretl-wdr5620_firmwaretl-wdr3600tl-wdr4300tl-wdr4900_firmwaretl-wdr4300_firmwaretl-wdr4900n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 42
  • 43
  • Next
Details not found