Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3881

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-22 May, 2025 | 00:48
Updated At-22 May, 2025 | 18:38
Rejected At-
Credits

eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability

eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ntp parameter provided to the check_req.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23113.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:22 May, 2025 | 00:48
Updated At:22 May, 2025 | 18:38
Rejected At:
▼CVE Numbering Authority (CNA)
eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability

eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ntp parameter provided to the check_req.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23113.

Affected Products
Vendor
eCharge Hardy Barth
Product
cPH2
Default Status
unknown
Versions
Affected
  • 2.0.4
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-25-247/
x_research-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-25-247/
Resource:
x_research-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:22 May, 2025 | 01:15
Updated At:13 Aug, 2025 | 16:27

eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ntp parameter provided to the check_req.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23113.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
hardy-barth
hardy-barth
>>cph2_echarge_firmware>>2.0.4
cpe:2.3:o:hardy-barth:cph2_echarge_firmware:2.0.4:*:*:*:*:*:*:*
hardy-barth
hardy-barth
>>cph2_echarge>>-
cpe:2.3:h:hardy-barth:cph2_echarge:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primaryzdi-disclosures@trendmicro.com
CWE ID: CWE-78
Type: Primary
Source: zdi-disclosures@trendmicro.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zerodayinitiative.com/advisories/ZDI-25-247/zdi-disclosures@trendmicro.com
Third Party Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-25-247/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

72Records found
CVE-2025-3882
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.28% / 50.74%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 00:48
Updated-13 Aug, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability

eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the dest parameter provided to the nwcheckexec.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23114.

Action-Not Available
Vendor-hardy-bartheCharge Hardy Barth
Product-cph2_echarge_firmwarecph2_echargecPH2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-3883
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.28% / 50.74%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 00:48
Updated-13 Aug, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability

eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET parameters provided to the index.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23115.

Action-Not Available
Vendor-hardy-bartheCharge Hardy Barth
Product-cph2_echarge_firmwarecph2_echargecPH2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-46359
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-93.68% / 99.84%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:00
Updated-28 Oct, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.

Action-Not Available
Vendor-hardy-barthn/a
Product-cph2_echarge_firmwarecph2_echargen/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-27804
Matching Score-6
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Matching Score-6
Assigner-SEC Consult Vulnerability Lab
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.40%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 11:35
Updated-21 May, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions.

Action-Not Available
Vendor-eCharge Hardy Barth
Product-cPH2 / cPP2 charging stations
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-21127
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.51%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:29
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-21130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 70.99%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:35
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-21162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.40%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:16
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwareex7000ex6200r7100lgr7900wndr3400r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwared6400_firmwarer7300dstr6300_firmwarer6250_firmwarer8500wndr3400_firmwarer6700r8300_firmwarer7000wnr3500l_firmwareex6200_firmwared6400wnr3500lr7900_firmwareex7000_firmwarer6300r6400r6700_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-21126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.10%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:51
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1878
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 44.11%
||
7 Day CHG~0.00%
Published-20 Jun, 2019 | 03:05
Updated-20 Nov, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Endpoint Command Shell Injection Vulnerability

A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_cetelepresence_tcCisco TelePresence TC Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-16200
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.44%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.

Action-Not Available
Vendor-toshibaToshiba Lighting & Technology Corporation
Product-hem-gw26a_firmwarehem-gw16ahem-gw16a_firmwarehem-gw26aToshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-16195
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.01%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wf1200craterm_wg1200craterm_wg1200cr_firmwareaterm_wf1200cr_firmwareAterm WF1200CR and Aterm WG1200CR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-16593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.28% / 50.82%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 18:18
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection.

Action-Not Available
Vendor-n/aSony Group Corporation
Product-kd-43xe7002kd-55xe7005kdl-32r503ckdl-32wd753kdl-40r555ckd-65xe7005kdl-48r555ckd-65xe7093kd-55xe7077kdl-32wd759kd-49xe7073kdl-49wd758kdl-49wd756kdl-43wd751kd-43xe7000kdl-48r553ckdl-48r550ckd-43xe7093kdl-49wd754kdl-32wd754kd-55xe7093kdl-32wd758kd-49xe7003wf6kdl-32wd750kdl-43wd752wd65_firmwarexe70_firmwarekd-65xe7003kdl-40r553ckdl-40wd650kd-55xe7003kd-55xe7004kdl-48wd650kdl-49we750r5c_firmwarekdl-49wd759kdl-48wd655kd-49xe7002kdl-43we753kd-43xe7004kdl-43wd753wd75_firmwarekdl-49wd751kdl-49we663kdl-43wd756kdl-49we754kdl-43we754kd-49xe7004kdl-40we660kd-55xe7002kdl-32r500ckdl-49we753kdl-32r505cxf70_firmwarekdl-32wd756kdl-49wd753kdl-49wd755kdl-43wd754kdl-32wd757kdl-49wd757kdl-32wd755kd-43xe7003kdl-43wd757kdl-43we750kdl-32we610kd-49xe7093kdl-49we665kdl-32wd752kd-55xe7000kd-65xe7004kd-55xe7096kdl-32wd751kdl-40wd655kdl-49we660kd-49xe7005kdl-43wd758kdl-40r550ckd-43xe7096kd-65xe7096kd-43xe7077kdl-49we755kd-43xe7005kdl-48wd653kdl-40wd653kd-43xe7073kd-65xe7002kd-49xe7000kdl-49wd750we75_firmwarewe6_firmwarekdl-40we665kdl-43wd759kd-49xe7096kdl-49wd752kdl-32we615kdl-43wd755kdl-43we755xf70kd-49xe7077kd-55xe7073kdl-32we613kdl-40we663wf6_firmwarekdl-43wd750n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-15380
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.97%
||
7 Day CHG~0.00%
Published-20 Feb, 2019 | 23:00
Updated-20 Nov, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex Software Command Injection Vulnerability

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx_data_platformCisco HyperFlex HX-Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-8654
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.62%
||
7 Day CHG+0.03%
Published-06 Aug, 2025 | 01:18
Updated-07 Aug, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability

Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReadMVGImage function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26313.

Action-Not Available
Vendor-jvckenwoodKenwood
Product-dmx958xrdmx958xr_firmwareDMX958XR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50206
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.42% / 79.81%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability

D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21299.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-3210
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-14 Feb, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15905.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-2150dir-2150_firmwareDIR-2150
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0556
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.01%
||
7 Day CHG~0.00%
Published-09 Apr, 2018 | 13:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-BUFFALO INC.
Product-wzr-1750dhp2wzr-1750dhp2_firmwareWZR-1750DHP2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0523
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.01%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-BUFFALO INC.
Product-wxr-1900dhp2_firmwarewxr-1900dhp2WXR-1900DHP2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50217
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.82% / 82.12%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability

D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21811.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50216
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.82% / 82.12%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability

D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21810.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50200
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.82% / 82.12%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability

D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21288.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50213
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.42% / 79.81%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability

D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21807.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50215
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.89% / 82.43%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability

D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21809.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50198
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.82% / 82.12%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability

D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21286.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50202
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.82% / 82.12%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability

D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21295.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50204
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.82% / 82.12%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability

D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21297.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50214
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.89% / 82.43%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability

D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21808.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50203
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.89% / 82.43%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability

D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21296.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50207
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.42% / 79.81%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability

D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21300.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50205
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.42% / 79.81%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability

D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21298.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50201
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.82% / 82.12%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability

D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21289.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3205
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.92%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:40
Updated-15 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios11201240829809Cisco IOS 12.2(60)EZ16
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-2185
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.82%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI.

Action-Not Available
Vendor-kddiKDDI CORPORATION
Product-home_spot_cube_2_firmwarehome_spot_cube_2HOME SPOT CUBE2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-2112
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-3.75% / 87.56%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-iodataI-O DATA DEVICE, INC.
Product-ts-wptcam2_firmwarets-ptcam_firmwarets-wlc2_firmwarets-ptcam\/poets-ptcam\/poe_firmwarets-ptcamts-wptcam2ts-wrlc_firmwarets-wptcam_firmwarets-wrlcts-wlc2ts-wlce_firmwarets-wptcamts-wlceTS-WLC2TS-WPTCAMTS-WPTCAM2TS-WLCETS-WRLCTS-PTCAM/POE
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-27861
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.29%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 23:35
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rbk33_firmwarecbr40_firmwarerbk12rbk43scbk40_firmwarerbr40_firmwareex6200rbk14_firmwarerbk15_firmwarerbk52wrbk20_router_firmwarerbk23wrbk20w_firmwarerbk43_router_firmwarerbk43_satellite_firmwarerbk15rbk22_router_firmwarerbk12_firmwarerbs40rbs40_firmwarerbk33rbk20_satellite_firmwarecbk43rbk43s_router_firmwarerbr10rbk44_satellite_firmwarerbs10_firmwarerbs20rbs50_firmwareex6200_firmwarecbr40rbk20wex7700_firmwarerbk23rbs10rbk43s_satellite_firmwarerbk22_satellite_firmwarerbk20rbk50vrbk14rbk23w_firmwarerbk50v_firmwarerbs20_firmwarerbk44rbk52w_firmwarerbk30_firmwareex8000rbk40rbr20rbk23_satellite_firmwarecbk43_firmwarerbk23_router_firmwarerbk13rbk40_satellite_firmwarerbk43ex8000_firmwarerbk44_router_firmwarerbr10_firmwarerbk22rbr40rbs50cbk40rbr50_firmwarerbr50ex7700rbk13_firmwarerbk30rbr20_firmwarerbk40_router_firmwarerbk50rbk50_firmwareOrbi
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-16923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.47% / 87.09%
||
7 Day CHG~0.00%
Published-21 Nov, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac18ac15ac9ac15_firmwareac18_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-44403
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.73% / 81.70%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:13
Updated-12 Mar, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18822.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10882
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-45.82% / 97.54%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:15
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-ac1750ac1750_firmwareArcher A7
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41192
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18812.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41199
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18819.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41195
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetHostIPv6Settings IPv6Mode Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6Settings IPv6Mode Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18815.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41200
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18820.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41191
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18811.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41194
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18814.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41188
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18808.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41190
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetAPLanSettings IPAddr Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings IPAddr Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18810.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41193
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18813.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41198
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18818.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41197
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18817.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41201
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.47% / 80.10%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-12 Mar, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18821.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found