Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-9579

Summary
Assigner-hp
Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At-05 Nov, 2024 | 16:22
Updated At-05 Nov, 2024 | 19:32
Rejected At-
Credits

Certain Poly Video Conference Devices – Potential Remote Code Execution

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hp
Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At:05 Nov, 2024 | 16:22
Updated At:05 Nov, 2024 | 19:32
Rejected At:
▼CVE Numbering Authority (CNA)
Certain Poly Video Conference Devices – Potential Remote Code Execution

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.

Affected Products
Vendor
HP Inc.HP, Inc.
Product
Certain Poly Video Conference Devices
Default Status
unaffected
Versions
Affected
  • See HP security bulletin reference for affected versions
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900
N/A
Hyperlink: https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
poly
Product
tc8_firmware
CPEs
  • cpe:2.3:o:poly:tc8_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 6.3.2 (custom)
Vendor
poly
Product
tc10_firmware
CPEs
  • cpe:2.3:o:poly:tc10_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 6.3.2 (custom)
Vendor
poly
Product
g7500_firmware
CPEs
  • cpe:2.3:o:poly:g7500_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.2 (custom)
Vendor
poly
Product
studio_x30_firmware
CPEs
  • cpe:2.3:o:poly:studio_x30_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.2 (custom)
Vendor
poly
Product
studio_x50_firmware
CPEs
  • cpe:2.3:o:poly:studio_x50_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.2 (custom)
Vendor
poly
Product
studio_x70_firmware
CPEs
  • cpe:2.3:o:poly:studio_x70_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.2 (custom)
Vendor
poly
Product
studio_x52_firmware
CPEs
  • cpe:2.3:o:poly:studio_x52_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.2 (custom)
Vendor
poly
Product
studio_g62_firmware
CPEs
  • cpe:2.3:o:poly:studio_g62_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.2 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:hp-security-alert@hp.com
Published At:05 Nov, 2024 | 17:15
Updated At:08 Nov, 2024 | 18:08

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
HP Inc.
hp
>>poly_tc8_firmware>>Versions before 6.3.2(exclusive)
cpe:2.3:o:hp:poly_tc8_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_tc8>>-
cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_tc10_firmware>>Versions before 6.3.2(exclusive)
cpe:2.3:o:hp:poly_tc10_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_tc10>>-
cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_g7500_firmware>>Versions before 4.3.2(exclusive)
cpe:2.3:o:hp:poly_studio_g7500_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_g7500>>-
cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_x30_firmware>>Versions up to 4.3.2(inclusive)
cpe:2.3:o:hp:poly_studio_x30_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_x30>>-
cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_x50_firmware>>Versions before 4.3.2(exclusive)
cpe:2.3:o:hp:poly_studio_x50_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_x50>>-
cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_x70_firmware>>Versions before 4.3.2(exclusive)
cpe:2.3:o:hp:poly_studio_x70_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_x70>>-
cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_x52_firmware>>Versions before 4.3.2(exclusive)
cpe:2.3:o:hp:poly_studio_x52_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_x52>>-
cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_g62_firmware>>Versions before 4.3.2(exclusive)
cpe:2.3:o:hp:poly_studio_g62_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>poly_studio_g62>>-
cpe:2.3:h:hp:poly_studio_g62:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE-77Secondaryhp-security-alert@hp.com
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-77
Type: Secondary
Source: hp-security-alert@hp.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900hp-security-alert@hp.com
Vendor Advisory
Hyperlink: https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900
Source: hp-security-alert@hp.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

20Records found
CVE-2019-5390
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-20.35% / 95.31%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 14:55
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37145
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-3.15% / 86.37%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 22:22
Updated-04 Aug, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-polyn/a
Product-cx5500cx5500_firmwarecx5100_firmwarecx5100n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2005-2773
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-89.82% / 99.54%
||
7 Day CHG~0.00%
Published-02 Sep, 2005 | 04:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/aOpenView Network Node Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2012-1823
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-94.29% / 99.93%
||
7 Day CHG-0.06%
Published-11 May, 2012 | 10:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Action-Not Available
Vendor-n/aHP Inc.Fedora ProjectThe PHP GroupSUSEApple Inc.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-storage_for_public_cloudenterprise_linux_eusenterprise_linux_workstationhp-uxmac_os_xopensusegluster_storage_server_for_on-premisestorageapplication_stacklinux_enterprise_serverlinux_enterprise_software_development_kitenterprise_linux_desktopenterprise_linux_server_ausfedoradebian_linuxenterprise_linux_serverphpn/aPHP
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-45625
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.07% / 22.57%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:57
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-50274
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.08%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 17:02
Updated-30 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE OneView may allow command injection with local privilege escalation.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)HP Inc.
Product-oneviewHPE OneView
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-26296
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-8.8||HIGH
EPSS-2.50% / 84.72%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:18
Updated-06 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Action-Not Available
Vendor-HP Inc.
Product-hp_device_managerHP Device Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-26295
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.38% / 84.38%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:18
Updated-06 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Action-Not Available
Vendor-HP Inc.
Product-hp_device_managerHP Device Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-26294
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.11%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:17
Updated-06 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Action-Not Available
Vendor-HP Inc.
Product-hp_device_managerHP Device Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22789
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.30% / 52.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:08
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-8523
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-36.78% / 97.02%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-smart_storage_administratorSmart Storage Administrator
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22788
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.30% / 52.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:08
Updated-28 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-26297
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-8.8||HIGH
EPSS-2.50% / 84.72%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:19
Updated-06 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Action-Not Available
Vendor-HP Inc.
Product-hp_device_managerHP Device Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-2002
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.45% / 92.49%
||
7 Day CHG~0.00%
Published-20 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

Action-Not Available
Vendor-n/aHP Inc.
Product-vertican/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-26298
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-8.8||HIGH
EPSS-2.50% / 84.72%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:20
Updated-06 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

Action-Not Available
Vendor-HP Inc.
Product-hp_device_managerHP Device Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22790
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.30% / 52.84%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:08
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-43663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.31%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 23:40
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex300_v2_firmwareex300_v2n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-26320
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.23%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 06:49
Updated-08 Oct, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xiaomi Router external request interface vulnerability leads to stack overflow

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

Action-Not Available
Vendor-Xiaomi
Product-xiaomi_router_ax3200_firmwarexiaomi_router_ax3200Xiaomi Routerxiaomi_router
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-48978
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.82%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 00:01
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation: Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-EdgeMAX EdgeSwitch
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-27211
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.47%
||
7 Day CHG+0.10%
Published-04 Aug, 2025 | 22:12
Updated-05 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-EdgeMAX EdgeSwitch
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Details not found