Total: 798 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39001 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | |||||
CVE-2023-38942 | 1 Dango | 1 Dango-translator | 2024-11-21 | N/A | 9.8 CRITICAL |
Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json. | |||||
CVE-2023-38941 | 1 Ehco1996 | 1 Django-sspanel | 2024-11-21 | N/A | 9.8 CRITICAL |
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. | |||||
CVE-2023-38928 | 1 Netgear | 2 R7100lg, R7100lg Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | |||||
CVE-2023-38866 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name. | |||||
CVE-2023-38865 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr. | |||||
CVE-2023-38864 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. | |||||
CVE-2023-38863 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. | |||||
CVE-2023-38862 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of the sub_431F64 function in bin/webmgnt. | |||||
CVE-2023-38861 | 1 Wavlink | 2 Wl-wn575a3, Wl-wn575a3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via the username parameter of the set_sys_adm function in adm.cgi. | |||||
CVE-2023-38336 | 1 Netkit | 1 Netkit | 2024-11-21 | N/A | 9.8 CRITICAL |
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. | |||||
CVE-2023-38034 | 1 Ui | 47 U6-enterprise, U6-enterprise-iw, U6-extender and 44 more | 2024-11-21 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow Remote Code Execution (RCE). Affected Products: all UniFi Access Points (Version 6.5.53 and earlier); all UniFi Switches (Version 6.5.32 and earlier), USW Flex Mini excluded. Mitigation: update UniFi Access Points to Version 6.5.62 or later; update UniFi Switches to Version 6.5.59 or later. | |||||
CVE-2023-38027 | 1 Myspotcam | 2 Sense, Sense Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has an OS command injection vulnerability. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary system commands or disrupt service. | |||||
CVE-2023-37794 | 1 Wayos | 2 Fbm-291w, Fbm-291w Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. | |||||
CVE-2023-37679 | 1 Nextgen | 1 Mirth Connect | 2024-11-21 | N/A | 9.8 CRITICAL |
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | |||||
CVE-2023-37567 | 1 Elecom | 2 Wrc-1167ghbk3-a, Wrc-1167ghbk3-a Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. | |||||
CVE-2023-37214 | 1 Heights-t | 2 Ero1xs-pro, Ero1xs-pro Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. | |||||
CVE-2023-37149 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. | |||||
CVE-2023-37148 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. | |||||
CVE-2023-37146 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. |