Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-8693

Summary
Assigner-Zyxel
Assigner Org ID-96e50032-ad0d-4058-a115-4d2c13821f9f
Published At-18 Nov, 2025 | 01:25
Updated At-26 Feb, 2026 | 16:56
Rejected At-
Credits

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zyxel
Assigner Org ID:96e50032-ad0d-4058-a115-4d2c13821f9f
Published At:18 Nov, 2025 | 01:25
Updated At:26 Feb, 2026 | 16:56
Rejected At:
â–¼CVE Numbering Authority (CNA)

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Affected Products
Vendor
Zyxel Networks CorporationZyxel
Product
DX3300-T0 firmware
Default Status
unaffected
Versions
Affected
  • <= 5.50(ABVY.6.3)C0
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025
vendor-advisory
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zyxel.com.tw
Published At:18 Nov, 2025 | 02:15
Updated At:15 Dec, 2025 | 14:03

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Zyxel Networks Corporation
zyxel
>>dm4200-b0_firmware>>Versions up to 5.17\(acbs.1.3\)c0(inclusive)
cpe:2.3:o:zyxel:dm4200-b0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dm4200-b0>>-
cpe:2.3:h:zyxel:dm4200-b0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx3300-t0_firmware>>Versions up to 5.50\(abvy.6.3\)c0(inclusive)
cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx3300-t0>>-
cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx3300-t1_firmware>>Versions up to 5.50\(abvy.6.3\)c0(inclusive)
cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx3300-t1>>-
cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx3301-t0_firmware>>Versions up to 5.50\(abvy.6.3\)c0(inclusive)
cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx3301-t0>>-
cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx4510-b1_firmware>>Versions up to 5.17\(abyl.9\)c0(inclusive)
cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx4510-b1>>-
cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx5401-b0_firmware>>Versions up to 5.17\(abyo.7\)b2(inclusive)
cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx5401-b0>>-
cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx5401-b1_firmware>>Versions up to 5.17\(abyo.7\)b2(inclusive)
cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>dx5401-b1>>-
cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ee3301-00_firmware>>Versions up to 5.63\(acmu.1.1\)c0(inclusive)
cpe:2.3:o:zyxel:ee3301-00_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ee3301-00>>-
cpe:2.3:h:zyxel:ee3301-00:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ee5301-00_firmware>>Versions up to 5.63\(acld.1.1\)c0(inclusive)
cpe:2.3:o:zyxel:ee5301-00_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ee5301-00>>-
cpe:2.3:h:zyxel:ee5301-00:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ee6510-10_firmware>>Versions up to 5.19\(acjq.3\)c0(inclusive)
cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ee6510-10>>-
cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3300-t0_firmware>>Versions up to 5.50\(abvy.6.3\)c0(inclusive)
cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3300-t0>>-
cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3300-t0_firmware>>Versions up to 5.50\(acdi.2.1\)c0(inclusive)
cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3300-t0>>-
cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3300-t1_firmware>>Versions up to 5.50\(abvy.6.3\)c0(inclusive)
cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3300-t1>>-
cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3301-t0_firmware>>Versions up to 5.50\(abvy.6.3\)c0(inclusive)
cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3301-t0>>-
cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3500-t0_firmware>>Versions up to 5.44\(achr.4\)c0(inclusive)
cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3500-t0>>-
cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3501-t0_firmware>>Versions up to 5.44\(achr.4\)c0(inclusive)
cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3501-t0>>-
cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3510-b0_firmware>>Versions up to 5.17\(abup.15\)c0(inclusive)
cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3510-b0>>-
cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3510-b1_firmware>>Versions up to 5.17\(abup.15\)c0(inclusive)
cpe:2.3:o:zyxel:ex3510-b1_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3510-b1>>-
cpe:2.3:h:zyxel:ex3510-b1:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3600-t0_firmware>>Versions up to 5.70\(acif.1.2\)c0(inclusive)
cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex3600-t0>>-
cpe:2.3:h:zyxel:ex3600-t0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5401-b0_firmware>>Versions up to 5.17\(abyo.7\)b2(inclusive)
cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5401-b0>>-
cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5401-b1_firmware>>Versions up to 5.17\(abyo.7\)b2(inclusive)
cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5401-b1>>-
cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5501-b0_firmware>>Versions up to 5.17\(abry.5.5\)c0(inclusive)
cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5501-b0>>-
cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5510-b0_firmware>>Versions up to 5.17\(abqx.10\)c0(inclusive)
cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5510-b0>>-
cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5512-t0_firmware>>Versions up to 5.70\(aceg.5\)c0(inclusive)
cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5512-t0>>-
cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5601-t0_firmware>>Versions up to 5.70\(acdz.4.1\)c0(inclusive)
cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*
Zyxel Networks Corporation
zyxel
>>ex5601-t0>>-
cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Secondarysecurity@zyxel.com.tw
CWE ID: CWE-78
Type: Secondary
Source: security@zyxel.com.tw
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025security@zyxel.com.tw
Vendor Advisory
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025
Source: security@zyxel.com.tw
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1143Records found

CVE-2026-8264
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.89% / 85.20%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 02:15
Updated-11 May, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC6 httpd WifiApScan formWifiApScan os command injection

A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6ac6_firmwareAC6
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43536
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.41% / 69.39%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 20:03
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-84.70% / 99.68%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 11:53
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.

Action-Not Available
Vendor-rconfign/a
Product-rconfign/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-22481
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-8.7||HIGH
EPSS-0.92% / 56.06%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 15:53
Updated-26 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-7816
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-8.7||HIGH
EPSS-1.44% / 70.05%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 14:35
Updated-26 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout

OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject ") TO PROGRAM 'cmd'" to break out of the \copy (...) context and achieve arbitrary command execution on the pgAdmin server, or ") TO '/path'" for arbitrary file write. Additional fields (format, on_error, log_verbosity) were also raw-interpolated and exploitable. Fix adds a parens-balance parser modeled on psql's strtokx tokenizer, allow-lists format/on_error/log_verbosity, rejects null bytes in the query, and tightens type and gating checks. This issue affects pgAdmin 4: before 9.15.

Action-Not Available
Vendor-pgadminpgadmin.org
Product-pgadmin_4pgAdmin 4
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-26274
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.4||MEDIUM
EPSS-2.71% / 84.19%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 19:30
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection Vulnerability in systeminformation

In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.

Action-Not Available
Vendor-systeminformationsebhildebrandt
Product-systeminformationsysteminformation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-25759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.27% / 80.96%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 19:28
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsr-500_firmwaredsr-1000_firmwaredsr-500dsr-500n_firmwaredsr-150dsr-250ndsr-150ndsr-250n_firmwaredsr-1000n_firmwaredsr-250dsr-150n_firmwaredsr-500acdsr-1000ac_firmwaredsr-150_firmwaredsr-1000dsr-1000acdsr-500ac_firmwaredsr-500ndsr-250_firmwaredsr-1000nn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-3880
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-4.42% / 90.17%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 19:00
Updated-27 Jan, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W30E WriteFacMac formWriteFacMac os command injection

A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w30ew30e_firmwareW30Ew30e
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-7096
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-4.08% / 89.46%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 06:45
Updated-30 Apr, 2026 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda HG3 formgponConf os command injection

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-hg3_firmwarehg3HG3
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-7119
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-3.27% / 86.89%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 11:30
Updated-30 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda HG3 formCountrystr os command injection

A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-hg3_firmwarehg3HG3
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-42139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-18.16% / 96.85%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-dvw-w02w2-e2_firmwaredvw-w02w2-e2n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20349
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.32% / 24.23%
||
7 Day CHG+0.01%
Published-13 Nov, 2025 | 16:18
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco DNA Center API Command Injection Vulnerability

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_centerCisco Digital Network Architecture Center (DNA Center)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-6281
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-8.7||HIGH
EPSS-0.45% / 35.71%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 14:15
Updated-13 May, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Personal Cloud A1Personal Cloud A1sPersonal Cloud T2Personal Cloud X1sPersonal Cloud T2sPersonal Cloud T2ProHome Storage Hub X20Personal Cloud T1Personal Cloud X1Home Storage Hub T20
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-2276
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.19%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.

Action-Not Available
Vendor-Jenkins
Product-selection_tasksJenkins Selection tasks Plugin
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5707
Matching Score-4
Assigner-Amazon
ShareView Details
Matching Score-4
Assigner-Amazon
CVSS Score-8.7||HIGH
EPSS-0.99% / 58.35%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 21:25
Updated-10 Apr, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.

Action-Not Available
Vendor-amazonAWS
Product-research_and_engineering_studioResearch and Engineering Studio (RES)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5709
Matching Score-4
Assigner-Amazon
ShareView Details
Matching Score-4
Assigner-Amazon
CVSS Score-7.7||HIGH
EPSS-1.09% / 61.24%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 21:32
Updated-10 Apr, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AWS Research and Engineering Studio (RES) FileBrowser Command Injection

Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.

Action-Not Available
Vendor-amazonAWS
Product-research_and_engineering_studioResearch and Engineering Studio (RES)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20186
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.16% / 63.24%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:37
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with privilege level 15. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5967
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.37% / 29.15%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 07:44
Updated-12 May, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TeamT5|ThreatSonar Anti-Ransomware - Privilege Escalation

ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.

Action-Not Available
Vendor-teamt5TeamT5
Product-threatsonar_anti-ransomwareThreatSonar Anti-Ransomware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-42290
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.2||HIGH
EPSS-1.01% / 59.03%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 02:28
Updated-07 Apr, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX servers
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-2024
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-4.52% / 90.38%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 19:57
Updated-06 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.

Action-Not Available
Vendor-call-ccchickenDebian GNU/Linux
Product-chickendebian_linuxchicken
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20029
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-7.84% / 93.97%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 17:31
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP iControl REST and tmsh vulnerability

Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_global_traffic_managerbig-ip_application_acceleration_managerbig-ip_carrier-grade_natbig-ip_ddos_hybrid_defenderbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_local_traffic_managerbig-ip_webacceleratorbig-ip_access_policy_managerbig-ip_advanced_web_application_firewallbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_ssl_orchestratorbig-ip_edge_gatewaybig-ip_link_controllerbig-ip_container_ingress_servicesbig-ip_application_security_managerbig-ip_automation_toolchainbig-ip_domain_name_systembig-ip_application_visibility_and_reportingbig-ip_websafeBIG-IP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-41955
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.49% / 71.05%
||
7 Day CHG~0.00%
Published-14 Jan, 2023 | 00:09
Updated-03 Aug, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autolab is vulnerable to remote code execution (RCE) via MOSS functionality

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might be able to execute code on the server hosting Autolab. This vulnerability has been patched in version 2.10.0. As a workaround, disable the MOSS feature if it is unneeded by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.

Action-Not Available
Vendor-autolabprojectautolab
Product-autolabAutolab
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-1650
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-3.48% / 87.66%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 15:00
Updated-20 Nov, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_2000sd-wanvedge_100_firmwarevbond_orchestratorvedge_5000_firmwarevedge_1000_firmwarevedge_5000vsmart_controllervedge_100vmanage_network_managementvedge_2000_firmwarevedge_1000Cisco SD-WAN Solution
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-15254
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-3.26% / 86.86%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 15:32
Updated-24 Feb, 2026 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W6-S ATE Service ate TendaAte os command injection

A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w6-s_firmwarew6-sW6-S
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-15388
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.87% / 54.46%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 09:01
Updated-31 Dec, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QNO Technology|VPN Firewall - OS Command Injection

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Action-Not Available
Vendor-QNO Technology
Product-VPN Firewall
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-42289
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.2||HIGH
EPSS-1.01% / 59.03%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 02:09
Updated-07 Apr, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX servers
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-57999
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-1.18% / 63.86%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 18:16
Updated-30 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
luci-app-tailscale-community - Command Injection via tailscale.do_login RPC

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserver_authkey parameters are improperly quoted within a double-quoted shell command, allowing shell substitutions like $() to be evaluated by the outer shell before argument processing.

Action-Not Available
Vendor-OpenWrt
Product-luci-app-tailscale-community
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-58000
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.40% / 69.20%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 18:16
Updated-30 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the cl_meta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration access can inject arbitrary shell metacharacters into cl_meta to execute commands as root via the popen function.

Action-Not Available
Vendor-OpenWrt
Product-luci-proto-openvpn
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-10050
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-9.64% / 94.90%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 20:39
Updated-26 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link Devices tools_vct.xgi Authenticated RCE

An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-300dir-615_firmwaredir-300_firmwaredir-615DIR-615 rev DDIR-300 rev A
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-10073
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-3.51% / 87.78%
||
7 Day CHG+0.30%
Published-30 Oct, 2025 | 21:32
Updated-17 Nov, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary commands with the privileges of the application service.

Action-Not Available
Vendor-Nagios Enterprises, LLC
Product-nagios_xiXI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-58452
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.42% / 82.18%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 15:31
Updated-01 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JAIOTlink C492A-W6 4.8.30.57701411 OS Command Injection via SetMAC Endpoint

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a string beginning with a valid MAC-like prefix followed by a semicolon and a shell payload, which bypasses partial sscanf() validation and is passed unsanitized into an echo shell command executed through a system() wrapper.

Action-Not Available
Vendor-JAIOTlink
Product-C492A-W6 Wi-Fi IP Camera
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-17352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-4.10% / 89.51%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 19:50
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-xg_firewall_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16790
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.24% / 65.62%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 19:15
Updated-31 Dec, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in Tiny File Manager

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.

Action-Not Available
Vendor-prasathmaniTiny File Manager
Product-tiny_file_managerTiny File Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-1829
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-11.41% / 95.47%
||
7 Day CHG~0.00%
Published-02 Mar, 2025 | 19:00
Updated-03 Apr, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X18 cstecgi.cgi setMtknatCfg os command injection

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-x18x18_firmwareX18
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.00% / 78.37%
||
7 Day CHG~0.00%
Published-21 Oct, 2019 | 18:15
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-6610
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-10.88% / 95.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 16:28
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.

Action-Not Available
Vendor-polycomn/a
Product-hdx_video_end_pointsuc_aplhdx_8000n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5351
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-4.46% / 90.26%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 15:45
Updated-07 Apr, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trendnet TEW-657BRM setup.cgi add_wps_client os command injection

A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TRENDnet, Inc.
Product-tew-657brm_firmwaretew-657brmTEW-657BRM
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5352
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-4.12% / 89.56%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 16:00
Updated-07 Apr, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trendnet TEW-657BRM setup.cgi edit os command injection

A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TRENDnet, Inc.
Product-tew-657brm_firmwaretew-657brmTEW-657BRM
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5353
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-4.78% / 90.83%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 16:15
Updated-07 Apr, 2026 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trendnet TEW-657BRM setup.cgi ping_test os command injection

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TRENDnet, Inc.
Product-tew-657brm_firmwaretew-657brmTEW-657BRM
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5354
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-4.78% / 90.83%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 16:30
Updated-07 Apr, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trendnet TEW-657BRM setup.cgi vpn_connect os command injection

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TRENDnet, Inc.
Product-tew-657brm_firmwaretew-657brmTEW-657BRM
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5355
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-4.78% / 90.83%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 16:45
Updated-07 Apr, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trendnet TEW-657BRM setup.cgi vpn_drop os command injection

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TRENDnet, Inc.
Product-tew-657brm_firmwaretew-657brmTEW-657BRM
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-15499
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-5.27% / 91.56%
||
7 Day CHG~0.00%
Published-09 Jan, 2026 | 21:32
Updated-23 Feb, 2026 | 08:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sangfor Operation and Maintenance Management System VersionController.java uploadCN os command injection

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Sangfor Technologies Inc.
Product-operation_and_maintenance_management_systemOperation and Maintenance Management System
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-15389
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-1.05% / 60.21%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 09:12
Updated-31 Dec, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QNO Technology|VPN Firewall - OS Command Injection

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Action-Not Available
Vendor-QNO Technology
Product-VPN Firewall
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-5547
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.91% / 77.26%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 07:15
Updated-30 Apr, 2026 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10 httpd formAddMacfilterRule os command injection

A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10_firmwareac10AC10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-40969
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-5.81% / 92.23%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 21:24
Updated-27 Mar, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Siretta Ltd.
Product-quartz-gold_firmwarequartz-goldQUARTZ-GOLD
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-15467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.15% / 86.38%
||
7 Day CHG~0.00%
Published-04 Aug, 2020 | 12:48
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.

Action-Not Available
Vendor-cohesiven/a
Product-vns3n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-66213
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-2.97% / 85.57%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 22:06
Updated-17 Mar, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The file_storage_directory_source parameter is passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system. Version 4.0.0-beta.451 fixes the issue.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16701
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-19.61% / 97.06%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 15:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.

Action-Not Available
Vendor-netgaten/a
Product-pfsensen/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6541
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-8.6||HIGH
EPSS-0.64% / 46.22%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 00:21
Updated-24 Oct, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection using information obtained from the web management interface

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-er7212pcer7412-m2_firmwarefr205_firmwarefr365_firmwareer8411_firmwareer7412-m2er706w_firmwareg36_firmwareer7212pc_firmwarefr307-m2er706wer8411er706w-4ger605_firmwarefr365er707-m2er7206fr205er706w-4g_firmwarefr307-m2_firmwareer7206_firmwareg611er605g611_firmwareg36er707-m2_firmwareOmada Pro gatewaysFesta gatewaysOmada gateways
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-13687
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.34% / 26.43%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 20:45
Updated-04 Mar, 2026 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.

Action-Not Available
Vendor-IBM Corporation
Product-datastage_on_cloud_pak_for_dataDataStage on Cloud Pak for Data
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 22
  • 23
  • Next
Details not found