Search CVEs

Commands can be injected over the network and executed without authentication.

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.

An attacker may inject commands via specially-crafted post requests.

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where th

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs bec

An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parame

There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.

DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability.

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functional

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands.

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands th

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'Server

WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system.