A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authe
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker wi
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply i
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the D
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands th
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface
A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the f
The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize us
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs bec
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbi
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in th
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown f
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during
Page 1+ Next →