Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands.
We have already fi
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_wireless in file /usr/lib/lua/luci/control/admin
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands.
We have already fixed the
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3)
Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating s
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating sy
OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arb
An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to roo
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, an arbitrary OS command may b
Command injection vulnerability in the Edge Computing UI for the
TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the
web
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution
Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The af
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability is exploited, an arbitrary OS
Page 1+ Next →