Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-22836

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Feb, 2024 | 00:00
Updated At-20 Jun, 2025 | 20:16
Rejected At-
Credits

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Feb, 2024 | 00:00
Updated At:20 Jun, 2025 | 20:16
Rejected At:
▼CVE Numbering Authority (CNA)

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/akaunting/akaunting/releases/tag/3.1.4
N/A
https://akaunting.com/
N/A
https://github.com/u32i/cve/tree/main/CVE-2024-22836
N/A
Hyperlink: https://github.com/akaunting/akaunting/releases/tag/3.1.4
Resource: N/A
Hyperlink: https://akaunting.com/
Resource: N/A
Hyperlink: https://github.com/u32i/cve/tree/main/CVE-2024-22836
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/akaunting/akaunting/releases/tag/3.1.4
x_transferred
https://akaunting.com/
x_transferred
https://github.com/u32i/cve/tree/main/CVE-2024-22836
x_transferred
Hyperlink: https://github.com/akaunting/akaunting/releases/tag/3.1.4
Resource:
x_transferred
Hyperlink: https://akaunting.com/
Resource:
x_transferred
Hyperlink: https://github.com/u32i/cve/tree/main/CVE-2024-22836
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Feb, 2024 | 20:15
Updated At:20 Jun, 2025 | 21:15

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Akaunting Inc.
akaunting
>>akaunting>>Versions before 3.1.4(exclusive)
cpe:2.3:a:akaunting:akaunting:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://akaunting.com/cve@mitre.org
Product
https://github.com/akaunting/akaunting/releases/tag/3.1.4cve@mitre.org
Release Notes
https://github.com/u32i/cve/tree/main/CVE-2024-22836cve@mitre.org
Third Party Advisory
https://akaunting.com/af854a3a-2127-422b-91ae-364da2661108
Product
https://github.com/akaunting/akaunting/releases/tag/3.1.4af854a3a-2127-422b-91ae-364da2661108
Release Notes
https://github.com/u32i/cve/tree/main/CVE-2024-22836af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://akaunting.com/
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://github.com/akaunting/akaunting/releases/tag/3.1.4
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://github.com/u32i/cve/tree/main/CVE-2024-22836
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://akaunting.com/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: https://github.com/akaunting/akaunting/releases/tag/3.1.4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Hyperlink: https://github.com/u32i/cve/tree/main/CVE-2024-22836
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1228Records found
CVE-2022-30310
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 77.03%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 13:45
Updated-20 Nov, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

Action-Not Available
Vendor-festoFesto
Product-controller_cecc-x-m1-mv-s1controller_cecc-x-m1controller_cecc-x-m1-ys-l2_firmwareservo_press_kit_yjkp_firmwareservo_press_kit_yjkp-controller_cecc-x-m1-ys-l1_firmwareservo_press_kit_yjkpcontroller_cecc-x-m1-mv_firmwarecontroller_cecc-x-m1-y-yjkpcontroller_cecc-x-m1-ys-l2controller_cecc-x-m1-mvcontroller_cecc-x-m1_firmwareservo_press_kit_yjkp-_firmwarecontroller_cecc-x-m1-y-yjkp_firmwarecontroller_cecc-x-m1-ys-l1controller_cecc-x-m1-mv-s1_firmwareController CECC-X-M1-MV (4407605)Controller CECC-X-M1-Y-YJKP (4803891)Controller CECC-X-M1 (8124922)Controller CECC-X-M1-MV-S1 (4407606)Controller CECC-X-M1-YS-L1 (8082793)Controller CECC-X-M1-MV (8124923)Controller CECC-X-M1-MV-S1 (8124924)Controller CECC-X-M1-YS-L2 (8082794)Servo Press Kit YJKP (8077950)Servo Press Kit YJKP- (8058596)Controller CECC-X-M1 (4407603)
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-3726
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.46%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 09:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in ohmyzsh/ohmyzsh

# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function.

Action-Not Available
Vendor-planetargonohmyzsh
Product-oh_my_zshohmyzsh/ohmyzsh
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-11061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.01% / 86.06%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 21:23
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

Action-Not Available
Vendor-n/aXerox Corporation
Product-workcentre_5945_firmwareworkcentre_5945workcentre_5955_firmwareworkcentre_6655iworkcentre_7855workcentre_7845_firmwareworkcentre_5890workcentre_5865workcentre_5945i_firmwareworkcentre_5890i_firmwareworkcentre_3655_firmwareworkcentre_7200_firmwareworkcentre_5865_firmwareworkcentre_7200i_firmwareworkcentre_6655_firmwareworkcentre_7225i_firmwareworkcentre_7835workcentre_3655i_firmwareworkcentre_7970_firmwareworkcentre_3655workcentre_5875i_firmwareworkcentre_7970iworkcentre_7225iworkcentre_7225workcentre_7225_firmwareworkcentre_7220_firmwareworkcentre_7835_firmwareworkcentre_5955iworkcentre_6655workcentre_7220workcentre_5890_firmwareworkcentre_5865i_firmwareworkcentre_5875iworkcentre_7970i_firmwareworkcentre_7970workcentre_3655iworkcentre_7845workcentre_5945iworkcentre_5865iworkcentre_7200iworkcentre_7830workcentre_6655i_firmwareworkcentre_5955workcentre_7200workcentre_7855_firmwareworkcentre_5875_firmwareworkcentre_5875workcentre_5955i_firmwareworkcentre_5890iworkcentre_7830_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-16846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.39% / 99.97%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 07:27
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Action-Not Available
Vendor-saltstackn/aSaltStackopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxleapsaltfedoran/aSalt
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-37912
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-5.68% / 90.04%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 19:10
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HGiga OAKlouds - Command Injection-1

The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

Action-Not Available
Vendor-hgigaHGiga
Product-oaklouds_portalOAKlouds OAKSv3OAKlouds OAKSv2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-37913
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-5.68% / 90.04%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 19:10
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HGiga OAKlouds - Command Injection-2

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

Action-Not Available
Vendor-hgigaHGiga
Product-oaklouds_portalOAKlouds OAKSv3OAKlouds OAKSv2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-38294
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-87.81% / 99.44%
||
7 Day CHG~0.00%
Published-25 Oct, 2021 | 12:22
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shell Command Injection Vulnerability in Nimbus Thrift Server

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.

Action-Not Available
Vendor-The Apache Software Foundation
Product-stormApache Storm
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-34800
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-68.95% / 98.57%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-16 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-go-rt-ac750go-rt-ac750_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-2612
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.72% / 90.07%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 21:58
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-e587e587_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-2570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-29.42% / 96.43%
||
7 Day CHG-33.33%
Published-29 Jan, 2020 | 17:31
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.

Action-Not Available
Vendor-zavion/a
Product-f312a_firmwaref3105f312af3105_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-2573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-22.39% / 95.61%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 18:31
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-sc_4171g_firmwaretl-sc_3130gtl-sc_3171gtl-sc_3130g_firmwaretl-sc_3171g_firmwaretl-sc_4171gn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36260
Matching Score-4
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
CVSS Score-9.8||CRITICAL
EPSS-94.44% / 99.98%
||
7 Day CHG~0.00%
Published-22 Sep, 2021 | 12:07
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-01-24||Apply updates per vendor instructions.

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Action-Not Available
Vendor-n/aHIKVISION
Product-ds-2cd2386g2-i\(u\)ds-7108ni-q1\/mds-2cd3386g2-is\(u\)ds-2df8a442ixs-ael\(t5\)ds-2cd2383g2-i\(u\)ds-2df8242ix-aely\(t3\)ds-2td6267-100c4l\/wy_firmwareds-2cd2121g0-i\(w\)\(s\)_firmwareds-2cd2643g2-izs_firmwareds-2cd3347g2-ls\(u\)ds-2cd2121g1-i\(w\)ds-7604ni-k1\/4p\/4gds-2df8442ixs-aelwy\(t5\)_firmwareds-2df8442ixs-aelw\(t2\)_firmwareds-7104ni-q1\/4pds-7616ni-k1_firmwareds-2df8442ixs-aely\(t5\)_firmwareds-2td1217b-6\/pa_firmwareds-2cd2666g2-izs_firmwareds-2cd3026g2-iu\/sl_firmwareds-2cd3643g2-izs_firmwareds-7608ni-k1\/4gds-2df6a436x-aely\(t5\)ds-2cd3156g2-isds-2df6a836x-ael\(t5\)_firmwareds-2cd3063g2-iuptz-n5225i-a_firmwareds-2df8225ix-ael\(t5\)ds-2cd3023g2-iu_firmwareds-2cd2066g2-iu\/sl_firmwareds-7108ni-q1\/8p_firmwareds-7108ni-q1ds-2td1117-2\/pa_firmwareds-2cd3023g2-iuds-2cd2583g2-i\(s\)_firmwareds-2cd2543g2-i\(ws\)ds-2cd2186g2-isuds-2cd2586g2-i\(s\)ds-2cd2086g2-i\(u\)_firmwareds-2cd2643g2-izsds-2cd3343g2-iu_firmwareds-7608ni-k1_firmwareds-2cd3723g2-izs_firmwareds-7108ni-q1_firmwareds-2td4166t-9_firmwareds-2cd2321g0-i\/nfds-2cd2686g2-izsu\/sl_firmwareds-2cd2066g2-i\(u\)_firmwareds-2cd2366g2-i\(u\)_firmwareds-2td6267-50h4l\/w_firmwareds-2df8a442ixs-ael\(t5\)_firmwareds-7608ni-k1\/8p\/4gds-7604ni-q1\/4p_firmwareds-2cd2121g0-i\(w\)\(s\)ptz-n2204i-de3_firmwareds-2df7232ix-aelw\(t3\)_firmwareds-2cd2523g2-i\(s\)_firmwareds-2df8242ix-aelw\(t3\)ds-2df8442ixs-aelwy\(t5\)ds-2cd2163g2-iu_firmwareds-2td8166-180ze2f\/v2_firmwareds-2cd2366g2-isu\/sl_firmwareds-2cd2683g2-izsds-7608ni-q1_firmwareids-2sk718mxs-d_firmwareds-2xe6422fwd-izhrsds-2cd3143g2-i\(s\)uds-2cd3356g2-isds-2cd3547g2-ls_firmwareds-2cd2326g2-isu\/sl_firmwareds-2td6267-75c4l\/w_firmwareds-2df8242i5x-aelw\(t3\)ds-7616ni-q2\/16pds-2cd2083g2-i\(u\)ds-2cd3523g2-is_firmwareds-2td8167-230zg2f\/wds-2td4167-50\/w_firmwareds-2cd2046g2-iu\/sl_firmwareds-2cd2527g2-lsds-2cd2327g2-l\(u\)ds-2cd3326g2-isu\/slds-2cd2686g2-izs_firmwareds-2cd2183g2-i\(s\)_firmwareds-2df7225ix-ael\(t3\)_firmwareds-2td1217b-3\/pads-2td1217b-6\/pads-2cd3756g2-izs_firmwareds-2cd3686g2-izs_firmwareds-2cd3156g2-is_firmwareids-2vs435-f840-ey\(t3\)ds-2df6a836x-ael\(t5\)ds-2td8166-180ze2f\/v2ids-2vs435-f840-eyds-2cd2646g2-izsu\/sl_firmwareds-2cd2623g2-izs_firmwareds-2cd2143g2-i\(s\)_firmwareds-2cd2183g2-i\(u\)_firmwareds-2cd2363g2-i\(u\)ds-2cd3343g2-iuds-2df8425ix-aelw\(t5\)_firmwareds-2cd3526g2-isds-2cd3026g2-isds-2df8425ix-ael\(t5\)ds-2cd3156g2-is\(u\)_firmwareds-2df8442ixs-aely\(t5\)ds-2cd2766g2-izs_firmwareds-2dy92500x-a\(t5\)_firmwareds-2cd3623g2-izs_firmwareds-2df8242ix-ael\(t5\)ds-2td6236t-50h2lds-2dy9236x-a\(t3\)_firmwareds-2cd2121g1-idwds-2cd2526g2-i\(s\)ds-2cd2166g2-i\(su\)ds-2cd2623g2-izsds-2cd2721g0-i\(z\)\(s\)_firmwareds-7108ni-q1\/8p\/mids-2pt9a144mxs-d\/t2ds-2cd3043g2-iu_firmwareds-2xe6452f-izh\(r\)sds-2td6267-75c4l\/wds-7616ni-q1ds-2dy92500x-a\(t5\)ds-2xe6422fwd-izhrs_firmwareds-2cd2583g2-i\(s\)ds-2cd3126g2-is\(u\)_firmwareids-2sk8144ixs-d\/jds-2td1117-6\/pads-2cd2563g2-i\(s\)ds-2cd2547g2-ls_firmwareds-7616ni-q2\/16p_firmwareds-2cd2723g2-izsds-2cd2127g2-\(-su\)_firmwareds-2cd2123g2-iuds-2cd3047g2-lsds-7604ni-k1_firmwareds-2cd3686g2-izsds-2df6a436x-ael\(t5\)ds-2cd2666g2-izsds-7604ni-k1ds-2cd3743g2-izs_firmwareds-2cd3186g2-is\(u\)_firmwareds-7616ni-q2ds-2df8250i8x-ael\(t3\)ds-2dy9236i8x-a\(t3\)_firmwareds-2td1117-6\/pa_firmwareds-7104ni-q1\/4p_firmwareds-2cd2183g2-i\(s\)ds-2cd2666g2-izsu\/sl_firmwareds-2df6a225x-ael\)t3\)_firmwareds-2cd2127g2-\(-su\)ds-2df6a825x-ael_firmwareds-2td8166-150zh2f\/v2ds-2td4137-25\/w_firmwareds-2td4137-50\/w_firmwareds-2cd2723g2-izs_firmwareds-2cd2027g2-lu\/sl_firmwareds-7108ni-q1\/m_firmwareds-2cd2086g2-iu\/sl_firmwareds-2cd2666g2-izsu\/slds-2cd3386g2-isds-2td8167-230zg2f\/w_firmwareds-7608ni-k1\/8p\/4g_firmwareds-2cd2421g0-i\(d\)wds-2df7225ix-aelw\(t3\)ptz-n4215-de3_firmwareds-2df8225ix-ael\(t3\)ds-2xe6482f-izhrsds-2cd2421g0-i\(d\)\(w\)ds-2td4167-50\/wds-2cd3726g2-izs_firmwareds-2cd2087g2-l\(u\)_firmwareds-2dyh2a0ixs-d\(t2\)ptz-n2204i-de3ds-2cd3356g2-is\(u\)_firmwareds-2cd2343g2-i\(u\)_firmwareds-2td4136t-9ds-2cd3786g2-izsds-2df8242i5x-ael\(t3\)ds-2cd2721g0-i\(z\)\(s\)ds-2df8250i8x-ael\(t3\)_firmwareds-2df5225x-ae3\(t3\)ds-2cd3123g2-i\(s\)u_firmwareds-2td6237-50h4l\/w_firmwareds-2cd3563g2-is_firmwareds-2td6266t-25h2l_firmwareds-2df6a436x-ael\(t3\)ds-2cd2743g2-izs_firmwareds-2cd2021g1-i\(w\)_firmwareds-2cd2063g2-i\(u\)ds-2cd3026g2-is_firmwareds-2df6a436x-ael\(t5\)_firmwareds-2cd3323g2-iuds-2cd2347g2-l\(u\)_firmwareds-2cd3586g2-isds-2df8a442ixs-af\/sp\(t5\)_firmwareds-2cd2566g2-i\(s\)ds-2df8442ixs-aelw\(t2\)ds-2cd2546g2-i\(s\)_firmwareds-2cd2363g2-i\(u\)_firmwareds-2cd2186g2-i\(su\)_firmwareds-2cd2446g2-i_firmwareds-7608ni-q2\/8p_firmwareds-2cd2421g0-i\(d\)w_firmwareptz-n4215-de3ds-2cd3326g2-isu\/sl_firmwareds-2dyh2a0ixs-d\(t2\)_firmwareds-7608ni-q1\/8p_firmwareptz-n4215i-de_firmwareds-2df5225x-ael\(t3\)_firmwareds-7604ni-k1\/4p\/4g_firmwareds-7608ni-q1\/8pds-7608ni-k1ds-2cd2366g2-isu\/slds-2td4166t-9ds-2df8242i5x-aelw\(t5\)_firmwareds-2df8225ih-aelds-2cd2121g1-idw_firmwareptz-n5225i-ads-2df8a442ixs-ael\(t2\)_firmwareds-2dy9236i8x-ads-2td6266t-25h2lds-2cd3626g2-izs_firmwareds-7104ni-q1_firmwareds-2cd2526g2-i\(s\)_firmwareds-2cd2586g2-i\(s\)_firmwareds-2cd2183g2-iu_firmwareds-2cd3756g2-izsds-2cd3663g2-izs_firmwareids-2vs435-f840-ey\(t3\)_firmwareds-2cd3123g2-i\(s\)uds-2df8236i5x-aelwds-2td4137-25\/wds-2cd3663g2-izsds-2cd3626g2-izsds-2df8225ih-ael\(w\)ds-2td8166-75c2f\/v2ds-7616ni-k1ds-2df8a442nxs-ael\(t5\)ds-2cd2621g0-i\(z\)\(s\)ds-2dy9240ix-a\(t5\)ds-2cd3763g2-izsds-2xe6442f-izhrs\(b\)_firmwareds-2cd2686g2-izsds-2df8a842ixs-ael\(t5\)ds-2td6237-75c4l\/w_firmwareds-7604ni-q1_firmwareds-2cd2186g2-isu_firmwareds-2cd3086g2-isds-2cd2386g2-isu\/slds-2df8442ixs-aelw\(t5\)ds-2cd3056g2-is_firmwareds-2cd2686g2-izsu\/slds-2td1217b-3\/pa_firmwareds-2df8225ix-aelw\(t3\)ds-2cd2123g2-iu_firmwareds-2df8242ix-ael\(t5\)_firmwareds-2cd2386g2-i\(u\)_firmwareds-2cd3386g2-is_firmwareds-2cd3743g2-izsds-2cd3556g2-is_firmwareds-2cd3163g2-i\(s\)uds-2cd2347g2-lsu\/slds-2cd2163g2-iuptz-n4225i-de_firmwareds-2df7232ix-ael\(t3\)_firmwareds-2td6236t-50h2l_firmwareptz-n4215i-deds-2cd3163g2-i\(s\)u_firmwareds-2xe6482f-izhrs_firmwareids-2sk8144ixs-d\/j_firmwareds-2cd3623g2-izsds-2cd2043g2-i\(u\)_firmwareds-2cd2183g2-iuds-2df6a825x-aelds-2cd2366g2-i\(u\)ds-2cd3063g2-iu_firmwareds-2cd2186g2-i\(su\)ds-7608ni-k1\/8pds-2cd2347g2-l\(u\)ptz-n2404i-de3ds-2cd2327g2-l\(u\)_firmwareds-2df8a842ixs-ael\(t5\)_firmwareds-2cd2047g2-l\(u\)_firmwareds-2cd3086g2-is_firmwareds-2cd3056g2-iu\/slds-2cd2626g2-izsu\/slds-2cd2386g2-isu\/sl_firmwareds-2cd3056g2-iu\/sl_firmwareds-2cd3156g2-is\(u\)ds-2cd2547g2-lsds-2xe6452f-izh\(r\)s_firmwareds-2df8225ih-ael\(w\)_firmwareds-2td4167-25\/wds-2cd2027g2-l\(u\)ds-2cd2786g2-izsds-2df8442ixs-ael\(t5\)ds-2cd2163g2-i\(s\)_firmwareds-2cd2323g2-i\(u\)_firmwareds-2cd2663g2-izs_firmwareds-2cd2147g2-l\(su\)ds-2cd2783g2-izsds-760ni-k1\/4pds-2dy9236ix-a\(t3\)ds-2df6a436x-aely\(t5\)_firmwareds-2dy9236ix-a\(t3\)_firmwareds-2cd2066g2-iu\/slds-2cd2147g2-l\(su\)_firmwareds-2cd2086g2-iu\/slds-2df8436i5x-aelw\(t3\)_firmwareds-2cd2766g2-izsds-2df8425ix-aelw\(t5\)ds-2xe6242f-is\/316l\(b\)_firmwareds-2cd2143g2-i\(s\)ds-7104ni-q1\/mds-2cd2023g2-i\(u\)_firmwareds-2cd2566g2-i\(s\)_firmwareds-2df8a442ixs-aely\(t5\)_firmwareds-7104ni-q1\/m_firmwareds-2cd2087g2-l\(u\)ds-7608ni-q2\/8pds-2df6a425x-ael\(t3\)ds-2cd2343g2-i\(u\)ds-7608ni-q1ds-2cd2426g2-ids-2cd2323g2-i\(u\)ds-2dy9236x-a\(t3\)ds-2cd2646g2-izsu\/slds-2td8166-150zh2f\/v2_firmwareds-2td1117-3\/pads-2df8236i5x-aelw_firmwareds-2df8425ix-ael\(t5\)_firmwareds-2cd2346g2-isu\/sl_firmwareds-2cd2547g2-lzsds-2cd2683g2-izs_firmwareds-2td6237-50h4l\/wds-2td6267-50h4l\/wds-2df7225ix-ael\(t3\)ds-2df8225ix-ael\(t5\)_firmwareds-2cd2121g1ds-2df6a236x-ael\(t3\)_firmwareds-2td6266t-50h2lds-2df8225ix-aelw\(t3\)_firmwareds-2cd2326g2-isu\/slds-2td8166-100c2f\/v2_firmwareds-2cd3347g2-ls\(u\)_firmwareds-2cd2547g2-lzs_firmwareds-2cd2021g1-i\(w\)ds-2cd3356g2-is_firmwareds-2cd3356g2-isu\/sl_firmwareds-2dy9236i8x-a_firmwareds-7608ni-q2_firmwareds-2td8167-150zc4f\/w_firmwareds-2df8442ixs-ael\(t5\)_firmwareds-2cd2183g2-i\(u\)ds-2td8167-190ze2f\/wyds-7108ni-q1\/8pds-2td1117-3\/pa_firmwareds-2cd3543g2-isds-2cd3563g2-isds-2cd3056g2iu\/sl_firmwareds-2df8425ix-aelw\(t3\)ids-2sk718mxs-dds-2cd2663g2-izsds-2df7232ix-ael\(t3\)ds-2cd2026g2-iu\/slds-2cd3126g2-isds-2td8167-230zg2f\/wy_firmwareds-2cd2121g1-i\(w\)_firmwareds-2cd2526g2-is_firmwareds-2td6267-100c4l\/w_firmwareds-2cd2046g2-iu\/slds-2cd2621g0-i\(z\)\(s\)_firmwareds-2cd2523g2-i\(u\)_firmwareds-2xe6242f-is\/316l\(b\)ds-2cd3656g2-izs_firmwareds-2cd2526g2-isds-2td8167-150zc4f\/wds-2df8225ih-ael_firmwareds-2cd2387g2-l\(u\)_firmwareds-2cd2047g2-l\(u\)ds-2cd3363g2-iu_firmwareds-2td6267-100c4l\/wyds-2cd2786g2-izs_firmwareds-2cd2383g2-i\(u\)_firmwareds-2cd2166g2-i\(su\)_firmwareds-2dy9250izs-a\(t5\)ds-2df5225x-ae3\(t3\)_firmwareds-2df6a236x-ael\(t3\)ds-7104ni-q1\/4p\/m_firmwareds-2cd3543g2-is_firmwareds-2df8425ix-aelw\(t3\)_firmwareds-2cd3026g2-iu\/slds-2td8166-75c2f\/v2_firmwareds-2cd2543g2-i\(ws\)_firmwareds-2cd3043g2-iuds-2cd2163g2-i\(s\)ds-2cd2421g0-i\(d\)\(w\)_firmwareds-7604ni-q1\/4pds-2td6237-75c4l\/wptz-n4225i-deds-2cd2523g2-i\(u\)ds-2cd2446g2-ids-2cd2387g2-l\(u\)ds-2cd3323g2-iu_firmwareds-7608ni-k1\/8p_firmwareds-2cd2523g2-i\(s\)ds-7104ni-q1ds-2cd3586g2-is_firmwareds-2df7232ix-aelw\(t3\)ds-2cd3047g2-ls_firmwareds-7608ni-k1\/4g_firmwareds-2cd3056g2iu\/slds-2td8167-190ze2f\/wy_firmwareds-2td4137-50\/wds-2td6267-100c4l\/wds-2df5232x-ae3\)t3\)ds-2cd2066g2-i\(u\)ds-2df8436i5x-aelw\(t3\)ds-2df8242i5x-aelw\(t5\)ds-2cd2043g2-i\(u\)ds-2cd2783g2-izs_firmwareds-2cd2123g2-i\(s\)ds-7616ni-q2_firmwareds-2df8a442ixs-ael\(t2\)ds-7104ni-q1\/4p\/mds-2df8242i5x-ael\(t3\)_firmwareds-2cd3126g2-is_firmwareds-2df8242i5x-aelw\(t3\)_firmwareds-2cd3643g2-izsds-2dy9236i8x-a\(t3\)ds-2cd2563g2-i\(s\)_firmwareds-2td4167-25\/w_firmwareds-2cd3547g2-lsds-2cd3363g2-iuds-2td8167-190ze2f\/w_firmwareds-760ni-k1\/4p_firmwareds-2cd3056g2-isds-2df7225ix-aelw\(t3\)_firmwareds-2df5232x-ael\(t3\)ds-2df6a436x-ael\(t3\)_firmwareds-2cd3143g2-i\(s\)u_firmwareds-2cd2023g2-i\(u\)ds-2cd3356g2-is\(u\)ds-2td4136t-9_firmwareids-2vs435-f840-ey_firmwareds-2cd2626g2-izsu\/sl_firmwareds-2dy9250izs-a\(t5\)_firmwareds-2cd3723g2-izsds-2cd2347g2-lsu\/sl_firmwareds-2cd3356g2-isu\/slds-2df8242ix-aelw\(t3\)_firmwareds-2cd2027g2-l\(u\)_firmwareds-2df8425ix-ael\(t3\)ds-2df8a442ixs-af\/sp\(t5\)ds-2cd2321g0-i\/nf_firmwareds-2td6267-75c4l\/wy_firmwareds-2df8225ix-ael\(t3\)_firmwareds-2df5232x-ael\(t3\)_firmwareds-2df8225ix-aelw\(t5\)_firmwareds-2df6a225x-ael\)t3\)ds-2td6266t-50h2l_firmwareds-2cd2121g1_firmwareds-2cd2083g2-i\(u\)_firmwareds-2td8166-100c2f\/v2ds-2dy9240ix-a\(t5\)_firmwareds-7616ni-q1_firmwareds-2cd3656g2-izsds-7108ni-q1\/8p\/m_firmwareds-2cd3726g2-izsds-2cd2027g2-lu\/slds-2cd2086g2-i\(u\)ds-2cd2546g2-i\(s\)ds-2cd2143g2-iuds-2cd3186g2-is\(u\)ds-2cd2763g2-izs_firmwareds-2td6267-75c4l\/wyds-2df8242ix-aely\(t3\)_firmwareds-2cd2026g2-iu\/sl_firmwareds-2cd2743g2-izsds-2td8167-230zg2f\/wyds-2cd3556g2-isds-2td1117-2\/paptz-n2404i-de3_firmwareds-2df5225x-ael\(t3\)ds-7604ni-q1ds-2td8166-150ze2f\/v2_firmwareds-7608ni-q2ds-2cd2426g2-i_firmwareds-2cd2346g2-isu\/slds-2cd3126g2-is\(u\)ds-2cd2527g2-ls_firmwareds-2cd3386g2-is\(u\)_firmwareds-2cd2763g2-izsds-2cd2063g2-i\(u\)_firmwareds-2cd3523g2-isds-2cd3526g2-is_firmwareds-2td8167-190ze2f\/wds-2df8a442ixs-aely\(t5\)ds-2cd2123g2-i\(s\)_firmwareds-2xe6442f-izhrs\(b\)ds-2df8225ix-aelw\(t5\)ds-2df8442ixs-aelw\(t5\)_firmwareds-2td8166-150ze2f\/v2ds-2cd3786g2-izs_firmwareds-2df8425ix-ael\(t3\)_firmwareds-2df8a442nxs-ael\(t5\)_firmwareds-2df5232x-ae3\)t3\)_firmwareds-2df6a425x-ael\(t3\)_firmwareds-2cd3763g2-izs_firmwareids-2pt9a144mxs-d\/t2_firmwareds-2cd2143g2-iu_firmwaren/aSecurity cameras web server
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-2568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-57.51% / 98.07%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 17:07
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.

Action-Not Available
Vendor-zavion/a
Product-f312a_firmwaref3105f312af3105_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.27% / 99.93%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 15:53
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-03-26||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.

Action-Not Available
Vendor-sunhillon/asunhilloSunhillo
Product-surelinen/asurelineSureLine
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-2512
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.84% / 85.66%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 22:56
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.

Action-Not Available
Vendor-ftpd_projectn/a
Product-ftpdn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4815
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.45% / 84.58%
||
7 Day CHG+0.19%
Published-13 May, 2024 | 10:31
Updated-21 Aug, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC detail.php os command injection

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240506. Affected by this issue is some unknown functionality of the file /view/bugSolve/viewData/detail.php. The manipulation of the argument filename leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UAC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-30329
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.81% / 73.31%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 22:04
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-831dr_firmwaretew-831drn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-3741
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 66.88%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 00:55
Updated-02 Dec, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.

Action-Not Available
Vendor-NEC Platforms, Ltd.NEC Corporation
Product-itk-12dg-1p\(bk\)telitk-6dgs-1\(bk\)telitk-8tcgx-1\(bk\)tel_firmwareitk-6dgs-1p\(bk\)tel_firmwareitk-32lcg-1p\(bk\)tel_firmwareitk-32lcg-1p\(bk\)telitk-6dgs-1a\(bk\)telitk-32tcgs-1\(bk\)tel_firmwareitk-8lcx-1p\(bk\)tel_firmwareitk-32lcgs-1a\(bk\)telitk-12dg-1p\(bk\)tel_firmwareitk-6d-1p\(bk\)tel_firmwareitk-8lcx-1\(bk\)tel_firmwareitk-8tcgx-1p\(bk\)telitk-6dg-1p\(bk\)tel_firmwareitk-8tcgx-1p\(bk\)tel_firmwareitk-32tcg-1p\(bk\)telitk-6d-1\(bk\)tel_firmwareitk-32tcgs-1p\(bk\)telitk-32tcg-1p\(bk\)tel_firmwareitk-32lcgs-1p\(bk\)telitk-32tcgs-1a\(bk\)tel_firmwareitk-6dg-1p\(bk\)telitk-8lcg-1p\(bk\)telitk-8tcgx-1\(bk\)telitk-6d-1\(bk\)telitk-32tcgs-1a\(bk\)telitk-32lcgs-1a\(bk\)tel_firmwareitk-6d-1p\(bk\)telitk-12d-1p\(bk\)tel_firmwareitk-32lcgs-1\(bk\)tel_firmwareitk-8lcx-1p\(bk\)telitk-32lcgs-1p\(bk\)tel_firmwareitk-12d-1\(bk\)tel_firmwareitk-12d-1\(bk\)telitk-6dgs-1\(bk\)tel_firmwareitk-8lcg-1p\(bk\)tel_firmwareitk-6dgs-1a\(bk\)tel_firmwareitk-32tcgs-1\(bk\)telitk-6dgs-1p\(bk\)telitk-32tcgs-1p\(bk\)tel_firmwareitk-32lcgs-1\(bk\)telitk-8lcx-1\(bk\)telitk-12d-1p\(bk\)telITK-6DGS-1P(BK) TELITK-32LCGS-1P(BK) TELITK-6DG-1P(BK)TELITK-32LCGS-1(BK) TELITK-8TCGX-1(BK)TELITK-6DGS-1A(BK) TELITK-8LCG-1P(BK)TELITK-8LCX-1(BK)TELITK-8TCGX-1P(BK)TELITK-32TCG-1P(BK)TELITK-32TCGS-1A(BK) TELITK-12D-1P(BK)TELITK-6D-1(BK)TELITK-32TCGS-1(BK) TELITK-6D-1P(BK)TELITK-6DGS-1(BK) TELITK-32LCGS-1A(BK) TELITK-12D-1(BK)TELITK-32LCG-1P(BK)TELITK-12DG-1P(BK)TELITK-8LCX-1P(BK)TELITK-32TCGS-1P(BK) TEL
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-18568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-44.27% / 97.47%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 13:22
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsr-1000ndsr-1000n_firmwaredsr-250dsr-250_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4884
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-9.8||CRITICAL
EPSS-52.08% / 97.83%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 19:46
Updated-06 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.

Action-Not Available
Vendor-Progress Software Corporation
Product-whatsup_goldWhatsUp Goldwhatsup_gold
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-33238
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-7.2||HIGH
EPSS-0.24% / 46.35%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 02:04
Updated-28 Oct, 2024 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command-injection Vulnerability in Certificate Management

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.

Action-Not Available
Vendor-Moxa Inc.
Product-tn-5900_firmwaretn-4900tn-4900_firmwaretn-5900EDR-810 SeriesEDR-G9010 SeriesTN-4900 SeriesNAT-102 SeriesEDR-G902 SeriesTN-5900 SeriesEDR-G903 Seriestn-5900edr-810nat-102edr-g902tn-4900edr-g9010
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-37171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.02%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 00:00
Updated-12 Nov, 2024 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3300ra3300r_firmwaren/aa3300r
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-2060
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-22.01% / 95.56%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 15:57
Updated-06 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshiftOpenShift Origin
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36287
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-4.68% / 88.91%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49601
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.74% / 71.91%
||
7 Day CHG-0.60%
Published-28 Mar, 2025 | 01:52
Updated-08 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-1599
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.28% / 99.71%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 19:54
Updated-06 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dcs-2121_firmwaredcs-1130ldcs-3430dcs-5230_firmwaredcs-5230dcs-5605dcs-5230ldcs-1130_firmwaredcs-3410_firmwaredcs-3430_firmwaredcs-3411dcs-5635dcs-6410dcs-7510dcs-1130l_firmwaredcs-2102dcs-7410_firmwaredcs-5605_firmwaredcs-1130dcs-2102_firmwaredcs-7410wcs-1100_firmwarewcs-1100dcs-5230l_firmwaredcs-6410_firmwaredcs-1100_firmwaredcs-3410dcs-2121dcs-1100ldcs-1100dcs-1100l_firmwaredcs-5635_firmwaredcs-3411_firmwaredcs-7510_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.79% / 93.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:19
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.

Action-Not Available
Vendor-prolinkn/a
Product-prc2402m_firmwareprc2402mn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-6077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-87.65% / 99.43%
||
7 Day CHG-2.11%
Published-22 Feb, 2017 | 23:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-07||Apply updates per vendor instructions.

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200dgn2200_firmwaren/aWireless Router DGN2200
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-36670
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.51%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 00:00
Updated-28 Oct, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device.

Action-Not Available
Vendor-kratosdefensen/akratosdefense
Product-ngc_indoor_unit_firmwarengc_indoor_unitn/angc_indoor_unit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-17456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-89.99% / 99.56%
||
7 Day CHG-0.72%
Published-19 Aug, 2020 | 18:20
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.

Action-Not Available
Vendor-seowonintechn/a
Product-slr-120d42gslr-120t42gslr-120s42g_firmwareslr-120s_firmwareslr-120s42gslc-130slr-120t42g_firmwareslr-120sslr-120d42g_firmwareslc-130_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-5173
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-80.50% / 99.09%
||
7 Day CHG~0.00%
Published-19 May, 2017 | 02:43
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.

Action-Not Available
Vendor-geutebrueckn/a
Product-ip_camera_g-cam_efd-2250ip_camera_g-cam_efd-2250_firmwareGeutebruck IP Cameras
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4813
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.45% / 84.58%
||
7 Day CHG+0.19%
Published-13 May, 2024 | 10:00
Updated-21 Aug, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC interface_commit.php os command injection

A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Affected is an unknown function of the file /view/networkConfig/physicalInterface/interface_commit.php. The manipulation of the argument name leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-263934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UAC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-47608
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.68% / 70.53%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 17:01
Updated-07 Oct, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logicytics vulnerable to shell injections

Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2.

Action-Not Available
Vendor-definetlynotaiDefinetlyNotAIdefinetlynotai
Product-logicyticsLogicyticslogicytics
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-17368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.49% / 88.68%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 15:59
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.

Action-Not Available
Vendor-firejail_projectn/aDebian GNU/LinuxopenSUSEFedora Project
Product-firejaildebian_linuxfedoraleapn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-30309
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 69.87%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 13:45
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

Action-Not Available
Vendor-festoFesto
Product-controller_cecc-x-m1-mv-s1controller_cecc-x-m1controller_cecc-x-m1-ys-l2_firmwareservo_press_kit_yjkp_firmwareservo_press_kit_yjkp-controller_cecc-x-m1-ys-l1_firmwareservo_press_kit_yjkpcontroller_cecc-x-m1-mv_firmwarecontroller_cecc-x-m1-y-yjkpcontroller_cecc-x-m1-ys-l2controller_cecc-x-m1-mvcontroller_cecc-x-m1_firmwareservo_press_kit_yjkp-_firmwarecontroller_cecc-x-m1-y-yjkp_firmwarecontroller_cecc-x-m1-ys-l1controller_cecc-x-m1-mv-s1_firmwareController CECC-X-M1-MV (4407605)Controller CECC-X-M1-Y-YJKP (4803891)Controller CECC-X-M1 (8124922)Controller CECC-X-M1-MV-S1 (4407606)Controller CECC-X-M1-YS-L1 (8082793)Controller CECC-X-M1-MV (8124923)Controller CECC-X-M1-MV-S1 (8124924)Controller CECC-X-M1-YS-L2 (8082794)Servo Press Kit YJKP (8077950)Servo Press Kit YJKP- (8058596)Controller CECC-X-M1 (4407603)
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-47919
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 73.94%
||
7 Day CHG~0.00%
Published-30 Dec, 2024 | 09:43
Updated-30 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Action-Not Available
Vendor-Tiki Wiki
Product-CMS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-15610
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.23%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:01
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9728.

Action-Not Available
Vendor-control-webpanelCentOS Web Panel
Product-webpanelCentOS Web Panel
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-47901
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-10||CRITICAL
EPSS-2.84% / 85.66%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 14:21
Updated-30 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-intermesh_7707_fire_subscriberintermesh_7177_hybrid_2.0_subscriberintermesh_7707_fire_subscriber_firmwareInterMesh 7707 Fire SubscriberInterMesh 7177 Hybrid 2.0 Subscriberintermesh_7177_hybrid2.0_subscriberintermesh_7707_fire_subscriber
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4814
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.45% / 84.58%
||
7 Day CHG+0.19%
Published-13 May, 2024 | 10:00
Updated-21 Aug, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC static_route_edit_commit.php os command injection

A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Affected by this vulnerability is an unknown functionality of the file /view/networkConfig/RouteConfig/StaticRoute/static_route_edit_commit.php. The manipulation of the argument oldipmask/oldgateway leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UACrg-uac
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-33271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 75.86%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 00:00
Updated-20 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind).

Action-Not Available
Vendor-dtsn/a
Product-monitoringn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-34352
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-4.18% / 88.25%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 02:50
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection Vulnerability in QVR

A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qvrQVR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-15424
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.23%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:01
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the domain parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9735.

Action-Not Available
Vendor-control-webpanelCentOS Web Panel
Product-webpanelCentOS Web Panel
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-15613
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.23%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:01
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9739.

Action-Not Available
Vendor-control-webpanelCentOS Web Panel
Product-webpanelCentOS Web Panel
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-15433
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.23%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:01
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9715.

Action-Not Available
Vendor-control-webpanelCentOS Web Panel
Product-webpanelCentOS Web Panel
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-45519
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-94.15% / 99.91%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 00:00
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-24||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

Action-Not Available
Vendor-n/aSynacor, Inc.Zimbra
Product-collaborationn/azimbra_collaboration_suiteZimbra Collaboration Suite (ZCS)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-4577
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-9.8||CRITICAL
EPSS-94.36% / 99.96%
||
7 Day CHG-0.02%
Published-09 Jun, 2024 | 19:42
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-07-03||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Argument Injection in PHP-CGI

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Action-Not Available
Vendor-The PHP GroupMicrosoft CorporationFedora Project
Product-windowsphpfedoraPHPphpPHP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-15435
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.23%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:01
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9719.

Action-Not Available
Vendor-control-webpanelCentOS Web Panel
Product-webpanelCentOS Web Panel
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-15428
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.23%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:01
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9714.

Action-Not Available
Vendor-control-webpanelCentOS Web Panel
Product-webpanelCentOS Web Panel
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-33239
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-8.8||HIGH
EPSS-1.36% / 79.38%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 02:13
Updated-28 Oct, 2024 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Second Order Command-injection Vulnerability in the Key-generation Function

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.

Action-Not Available
Vendor-Moxa Inc.
Product-tn-5900_firmwaretn-4900tn-4900_firmwaretn-5900EDR-810 SeriesEDR-G9010 SeriesTN-4900 SeriesNAT-102 SeriesEDR-G902 SeriesTN-5900 SeriesEDR-G903 Seriestn-5900edr-810nat-102edr-g902edr-g903tn-4900edr-g9010
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-45682
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-1.67% / 81.37%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 17:13
Updated-27 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Millbeck Communications Proroute H685t-w Command Injection.

There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.

Action-Not Available
Vendor-millbeckMillbeck Communicationsmillbeck_communications
Product-proroute_h685t-wproroute_h685t-w_firmwareProroute H685t-wproroute_h685t-w
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 24
  • 25
  • Next
Details not found