Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-7029

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-02 Aug, 2024 | 15:08
Updated At-09 Jan, 2025 | 19:22
Rejected At-
Credits

Command Injection in AVTech AVM1203 (IP Camera)

Commands can be injected over the network and executed without authentication.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:02 Aug, 2024 | 15:08
Updated At:09 Jan, 2025 | 19:22
Rejected At:
▼CVE Numbering Authority (CNA)
Command Injection in AVTech AVM1203 (IP Camera)

Commands can be injected over the network and executed without authentication.

Affected Products
Vendor
Avtec (Motorola Solutions)AVTech
Product
AVM1203 (IP Camera)
Default Status
unaffected
Versions
Affected
  • From 0 through FullImg-1023-1007-1011-1009 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

AVTECH SECURITY Corporation has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact AVTECH https://www.avtech.com.tw/ContactUs.aspx  for additional information.

Configurations
Workarounds
Exploits
Credits
finder
Larry Cashdollar and Aline Eliovich of Akamai Technologies reported this vulnerability to CISA.
finder
An anonymous third-party organization confirmed Akamai's report and identified specific affected products and firmware versions.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07
government-resource
https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07
Resource:
government-resource
Hyperlink: https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Avtec (Motorola Solutions)avtec
Product
avm1203\/ipcamera\/
CPEs
  • cpe:2.3:a:avtec:avm1203\/ipcamera\/:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through fullImg-1023-1007-1011-1009 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:02 Aug, 2024 | 15:16
Updated At:17 Sep, 2024 | 13:30

Commands can be injected over the network and executed without authentication.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Avtec (Motorola Solutions)
avtech
>>avm1203_firmware>>Versions up to fullimg-1023-1007-1011-1009(inclusive)
cpe:2.3:o:avtech:avm1203_firmware:*:*:*:*:*:*:*:*
Avtec (Motorola Solutions)
avtech
>>avm1203>>-
cpe:2.3:h:avtech:avm1203:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primaryics-cert@hq.dhs.gov
CWE ID: CWE-77
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirtics-cert@hq.dhs.gov
Exploit
Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
Hyperlink: https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt
Source: ics-cert@hq.dhs.gov
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

1124Records found
CVE-2022-0999
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.92%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-16 Apr, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO Command Injection

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.

Action-Not Available
Vendor-myscadamySCADA
Product-mypromyPRO
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-46687
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.32%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 03:49
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.

Action-Not Available
Vendor-emersonEmerson
Product-gc1500xa_firmwaregc370xagc370xa_firmwaregc700xa_firmwaregc700xagc1500xaRosemount GC700XARosemount GC370XARosemount GC1500XA
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-45465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.61% / 81.05%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 00:00
Updated-18 Sep, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-n3mn3m_firmwaren/an3m
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5571
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.23%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 05:31
Updated-15 Jul, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-932L setSystemAdmin os command injection

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-932ldcs-932l_firmwareDCS-932L
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3219
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.80% / 82.06%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:41
Updated-15 Nov, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software 16.1.1
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2025-5573
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.73%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 06:00
Updated-06 Jun, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-932L setSystemWizard setSystemControl os command injection

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-932ldcs-932l_firmwareDCS-932L
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-54131
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG+0.01%
Published-01 Aug, 2025 | 23:05
Updated-25 Aug, 2025 | 01:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cursor bypasses its allow list to execute arbitrary commands

Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). If a user has swapped Cursor from its default settings (requiring approval for every terminal call) to an allowlist, an attacker can execute arbitrary command execution outside of the allowlist without user approval. An attacker can trigger this vulnerability if chained with indirect prompt injection. This is fixed in version 1.3.

Action-Not Available
Vendor-anyspherecursor
Product-cursorcursor
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5438
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 66.40%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 09:00
Updated-02 Jul, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-re9000_firmwarere6250re7000re6300re6300_firmwarere7000_firmwarere6500_firmwarere9000re6350re6350_firmwarere6250_firmwarere6500RE7000RE6350RE9000RE6500RE6300RE6250
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5447
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 67.46%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 13:31
Updated-02 Jul, 2025 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 ssid1MACFilter os command injection

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-re6300re6500re9000re6250re6350re7000re9000_firmwarere7000_firmwarere6500_firmwarere6300_firmwarere6350_firmwarere6250_firmwareRE7000RE6350RE9000RE6500RE6300RE6250
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-46976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.99% / 86.01%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 00:00
Updated-06 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3300ra3300r_firmwaren/aa3300r_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.56% / 67.27%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:53
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900 before 1.0.4.38, R7900P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax80rax75r8000r7900r8000prax50rbs850rax45ms60_firmwarerbr750r8000_firmwarer8000p_firmwarerax200r7900prax200_firmwarerbs750_firmwaremr60mr60_firmwarerbs850_firmwarerbr850rax80_firmwarerbr750_firmwarerbk752_firmwarer7900_firmwarerbk752rbs750rax75_firmwarerax50_firmwarerax45_firmwarerbk852_firmwarerbk852r7900p_firmwarems60rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.87% / 91.66%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823_pro_firmwaredir-823_pron/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-1.61% / 81.05%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R7800 before 1.0.2.74, R9000 before 1.0.5.2, and XR500 before 2.3.2.66.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800r9000_firmwarexr500_firmwarer7800_firmwarer9000xr500n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45548
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.34% / 56.39%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:52
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6420 before 1.0.0.128, EX7300 before 1.0.2.144, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.26, R9000 before 1.0.5.2, RAX120 before 1.0.1.128, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.74, XR500 before 2.3.2.66, RBK20 before 2.7.3.22, RBR20 before 2.7.3.22, RBS20 before 2.7.3.22, RBK40 before 2.7.3.22, RBR40 before 2.7.3.22, and RBS40 before 2.7.3.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn3000rpv2rbk20ex6400_firmwareex6150v2_firmwareex7300_firmwarer8900_firmwarerbr40_firmwarerbs20_firmwared7800ex6150v2dm200_firmwarerbk20_firmwarerbk40ex7320_firmwareex6410ex6420_firmwarerbr20wn3000rpv3ex7300v2_firmwarewnr2000v5_firmwareex6250_firmwarexr500_firmwarer7500v2_firmwarerbk40_firmwarerax120ex6400v2_firmwarexr500ex7300ex6420ex7300v2rbs40d7800_firmwaredm200r8900ex6250r9000_firmwarewn3000rpv3_firmwarerbs40_firmwarewn3000rpv2_firmwareex6410_firmwarerbs20ex2700rbr40r9000ex6200v2_firmwareex6400v2r7500v2r7800rax120_firmwareex2700_firmwarerbr20_firmwareex7320r7800_firmwareex6400ex6200v2n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.86% / 90.22%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823_pro_firmwaredir-823_pron/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45742
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.32% / 95.31%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a720ra720r_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45630
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-2.18% / 83.69%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:32
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwarerbs750_firmwarecbr750rbs850_firmwarerbr850rbr750_firmwarecbr750_firmwarecbr40rbs850rbk752_firmwarerbk752rbr750rbs750rbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-25.81% / 96.05%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000r_firmwarex5000rn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45617
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:35
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80rax15r6400_firmwarerax50r6900p_firmwareex7500_firmwarer7960prax45rs400r7000_firmwareeax80_firmwarer6700v3rax20r6700v3_firmwarerax20_firmwarer7900peax20_firmwaremr60r6400v2rbs850_firmwarerbr850r7000rax80_firmwarecbr40rbk752_firmwarer7900_firmwarerbk852r7900p_firmwarems60r8000_firmwareex7500rax80rs400_firmwarer8000rax75mk62r6900pr7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarerax200r7000p_firmwarerax200_firmwarerbs750_firmwaremk62_firmwaremr60_firmwarexr300rbr750_firmwareeax20r7000pr6400v2_firmwarexr300_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarer6400rax45_firmwarerbk852_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.87% / 91.66%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gv2_firmwaredi-7200gv2n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28446
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-13.72% / 94.01%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 14:05
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.

Action-Not Available
Vendor-ntesseract_projectn/a
Product-ntesseractntesseract
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-47104
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.67%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 00:00
Updated-09 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.

Action-Not Available
Vendor-vareillen/avareilleLinux Kernel Organization, Inc
Product-tiny_file_dialogslinux_kerneln/atinyfiledialogs
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-45622
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-2.67% / 85.22%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80rax15lax20r6400_firmwarerax50r6900p_firmwareex7500_firmwarerax45r7960prs400r7000_firmwarerax40v2_firmwareeax80_firmwarer6700v3rax20r6700v3_firmwarer7900prax20_firmwareeax20_firmwaremr60rax35v2rax43_firmwarerax40v2cbr750r6400v2rbs850_firmwarerbr850r7000rax43rax80_firmwarecbr750_firmwarecbr40rbk752_firmwarer7900_firmwarerbk852r7900p_firmwarems60lax20_firmwarer8000_firmwarexr1000_firmwarerax80ex7500xr1000rs400_firmwarer8000rax75mk62r6900pr7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarerbs750_firmwaremk62_firmwarer7850_firmwaremr60_firmwarexr300rbr750_firmwareeax20r7000pr6400v2_firmwarexr300_firmwarerax35v2_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarerbk852_firmwarerax45_firmwarer6400rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45619
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.86% / 74.21%
||
7 Day CHG+0.48%
Published-26 Dec, 2021 | 00:35
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax70rbk12rbk50_firmwareex6150v2_firmwarer8900_firmwarerbr40_firmwarerbr350_firmwareex6410ex6420_firmwareex7300v2_firmwarewnr2000v5_firmwareex6250_firmwarerbk352xr700_firmwareex7300rbk12_firmwarerax10rax120v2rbs40rbs50y_firmwarer8900rbs40_firmwarer9000_firmwarerbr10rax78_firmwarerbs10_firmwareex6410_firmwarelbr1020_firmwarerbs20rbs50_firmwarerbs50yr9000ex6200v2_firmwareex6400v2ex6100v2ex7700_firmwarer7800rax120_firmwarerbs10wnr2000v5r7800_firmwareex6100v2_firmwarerbk20_firmwarelbr1020xr700ex6400ex6200v2rbk20ex6400_firmwareex7300_firmwarerbs20_firmwareex6150v2r6700axrax120v2_firmwareex8000rbk40ex7320_firmwarerbr20rax78rax70_firmwarerbk40_firmwarerax120rax10_firmwareex6400v2_firmwareex6420ex7300v2ex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbs350rbr50_firmwarerbr50ex7700lbr20rbr20_firmwareex7320rbk352_firmwarerbk50rbr350lbr20_firmwarerbs350_firmwarer6700ax_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.87% / 91.66%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823_pro_firmwaredir-823_pron/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5606
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.07% / 76.87%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 19:00
Updated-10 Jun, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC18 SetIPTVCfg formSetIptv command injection

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac18ac18_firmwareAC18
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-54424
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.15% / 36.89%
||
7 Day CHG+0.11%
Published-01 Aug, 2025 | 23:04
Updated-26 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.

Action-Not Available
Vendor-FIT2CLOUD Inc.1Panel (FIT2CLOUD Inc.)
Product-1panel1Panel
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28423
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.39%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 13:28
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package monorepo-build.

Action-Not Available
Vendor-monorepo-build_projectn/a
Product-monorepo-buildmonorepo-build
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-57105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.51%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 00:00
Updated-26 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-25.81% / 96.05%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000r_firmwarex5000rn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5440
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 59.13%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 10:00
Updated-02 Jul, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 NTP os command injection

A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-re9000_firmwarere6250re7000re6300re6300_firmwarere7000_firmwarere6500_firmwarere9000re6350re6350_firmwarere6250_firmwarere6500RE7000RE6350RE9000RE6500RE6300RE6250
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-46228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.87% / 91.66%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gv2_firmwaredi-7200gv2n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:35
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbk12ex6150v2_firmwarer8900_firmwarerbr40_firmwareex6410ex6420_firmwareex7300v2_firmwarewnr2000v5_firmwareex6250_firmwarexr500_firmwarexr700_firmwarexr450_firmwareex7300rbk12_firmwarerbs40rbs50y_firmwarer8900r9000_firmwarerbs40_firmwarerbr10rbs10_firmwareex6410_firmwarerbs20rbs50_firmwarerbs50yr9000ex6200v2_firmwareex6400v2ex6100v2ex7700_firmwarer7800rax120_firmwarerbs10wnr2000v5r7800_firmwareex6100v2_firmwarerbk20_firmwareex6400xr700xr450ex6200v2rbk20ex6400_firmwareex7300_firmwarerbs20_firmwared7800ex6150v2ex8000rbk40ex7320_firmwarerbr20rbk40_firmwarerax120xr500ex6400v2_firmwareex6420ex7300v2d7800_firmwareex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbr50_firmwarerbr50ex7700lbr20rbr20_firmwareex7320rbk50lbr20_firmwarerbk50_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:41
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs50y_firmwarerbk12rbs40_firmwarerbk20rbr10_firmwarerbr10rbs10_firmwarerbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50yrbs50rbr50_firmwarerbk40rbr20rbr50lbr20rbs10rbr20_firmwarerbk50rbk40_firmwarelbr20_firmwarerbk50_firmwarerbk20_firmwarerbk12_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28445
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.72%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 14:10
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.

Action-Not Available
Vendor-npm-help_projectn/a
Product-npm-helpnpm-help
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45556
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 64.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs728tppv2gs308tgs310tp_firmwaregs308t_firmwaregs110tpv3_firmwaregs110tppgs108tv2_firmwaregs724tpp_firmwaregs728tpv2_firmwaregs752tpv2_firmwarems510txup_firmwaregs110tpv2_firmwaregs752tppms510txupgs108tv2gs752tpv2gs752tpp_firmwarems510txm_firmwaregs724tpv2ms510txmgs724tpv2_firmwaregs110tpv2gs110tpp_firmwaregs110tpv3gs728tppv2_firmwaregs724tppgs728tpv2gs310tpn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45557
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.36%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs710tup_firmwaregs728tppv2gc108p_firmwaregs308tgs310tp_firmwaregs108tv3gs110tpv3_firmwaregs110tupgs110tppgs728tpv2_firmwaregs752tpv2_firmwaregs716tppms510txup_firmwaregs752tppms510txupgs752tpv2gs716tp_firmwarems510txm_firmwarems510txmgs110tpp_firmwaregs728tppv2_firmwaregc108pgs728tpv2gs716tpp_firmwaregs710tupgc108ppgs308t_firmwaregs108tv3_firmwaregs724tpp_firmwaregs110tup_firmwaregs724tppgc108pp_firmwaregs752tpp_firmwaregs750egs724tpv2gs724tpv2_firmwaregs750e_firmwaregs110tpv3gs716tpgs310tpn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.78% / 72.77%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.64, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700v2_firmwarewnr2020_firmwarer6120r7450_firmwarewnr2020r6220_firmwareac2600r6080_firmwareac2400r6900v2r6120_firmwarer6800r6900v2_firmwarer6050r6260_firmwarer6260r6220r6020ac2400_firmwarer6020_firmwared7000r6080d7000_firmwarer6230r6230_firmwareac2100_firmwared6200_firmwarer6050_firmwarer6700v2ac2100r7450d6200jr6150_firmwarejr6150r6800_firmwareac2600_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46227
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.88% / 94.05%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-7200gv2_firmwaredi-7200gv2n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5444
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 67.24%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 12:00
Updated-10 Jun, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_UpgradeFWByBBS os command injection

A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-re6350re6350_firmwarere6500re7000_firmwarere6300_firmwarere6500_firmwarere6300re6250_firmwarere9000_firmwarere7000re6250re9000RE7000RE6350RE9000RE6500RE6300RE6250
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-45596
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.54% / 66.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:39
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750cbr750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852cbr750_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28436
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.46% / 63.33%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 14:09
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package google-cloudstorage-commands.

Action-Not Available
Vendor-google-cloudstorage-commands_projectn/a
Product-google-cloudstorage-commandsgoogle-cloudstorage-commands
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45621
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80r6300v2_firmwarerax15lax20r6400_firmwarer6300v2r7100lgex3700rax50r6900p_firmwareex7500_firmwarer7100lg_firmwarerax45r8300r8500_firmwarers400r7960prax40v2_firmwarer7000_firmwareeax80_firmwarer6700v3rax20r6700v3_firmwareex6130r7900prax20_firmwareeax20_firmwaremr60rax35v2rax43_firmwarerax40v2cbr750rbs850_firmwarer6400v2rbr850rax43rax80_firmwarer7000cbr750_firmwarecbr40rbk752_firmwareex3800r7900_firmwareex3700_firmwareex7000_firmwareex6120rbk852r7900p_firmwarems60lax20_firmwarer8000_firmwarexr1000_firmwarerax80xr1000ex7500rs400_firmwarer8000rax75ex7000r6900pex3800_firmwarer7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarer8500ex6130_firmwarerbs750_firmwarer7850_firmwaremr60_firmwarer8300_firmwarexr300rbr750_firmwareeax20r7000pr6400v2_firmwarexr300_firmwarerax35v2_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarerbk852_firmwarerax45_firmwarer6400ex6120_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-55591
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.76% / 90.12%
||
7 Day CHG+1.59%
Published-18 Aug, 2025 | 00:00
Updated-21 Aug, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002ra3002r_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-24144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.70% / 93.73%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax3ax3_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:36
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr1000_firmwarerax80xr1000rax15rax75lax20mk62rax50rbs850d7000v2ms60_firmwarerax45rax40v2_firmwarerbr750rax20rax200lax20_firmwarerax20_firmwarerax200_firmwarerbs750_firmwaremk62_firmwaremr60rax35v2rax43_firmwarerax40v2mr60_firmwared7000v2_firmwarerbs850_firmwarerbr850rax43rax80_firmwarerbr750_firmwarerbk752_firmwarerax35v2_firmwarerbk752rbs750rax15_firmwarerax75_firmwarerax50_firmwarerax45_firmwarerbk852_firmwarerbk852ms60rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.54% / 66.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:53
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80r7900p_firmwarerbr850_firmwarer7850_firmwarerbs850_firmwarer8000rax75rbr850rax80_firmwarer8000prbs850r7960pr8000p_firmwarer7960p_firmwarer7850rax200rax75_firmwarerbk852_firmwarerbk852r7900pr8000_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.77% / 91.60%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 12:44
Updated-04 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-fusionn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-24148
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.14% / 92.36%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax3ax3_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28451
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.33%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 13:25
Updated-17 Sep, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects the package image-tiler before 2.0.2.

Action-Not Available
Vendor-image-tiler_projectn/a
Product-image-tilerimage-tiler
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 22
  • 23
  • Next
Details not found