Total
1851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38866 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name. | |||||
| CVE-2023-38865 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr. | |||||
| CVE-2023-38864 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. | |||||
| CVE-2023-38863 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. | |||||
| CVE-2023-38862 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. | |||||
| CVE-2023-38861 | 1 Wavlink | 2 Wl-wn575a3, Wl-wn575a3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. | |||||
| CVE-2023-38829 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | |||||
| CVE-2023-38690 | 1 Matrix | 1 Matrix Irc Bridge | 2024-11-21 | N/A | 5.8 MEDIUM |
| matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist. | |||||
| CVE-2023-38336 | 1 Netkit | 1 Netkit | 2024-11-21 | N/A | 9.8 CRITICAL |
| netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. | |||||
| CVE-2023-38286 | 2 Codecentric, Thymeleaf | 2 Spring Boot Admin, Thymeleaf | 2024-11-21 | N/A | 7.5 HIGH |
| Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI. | |||||
| CVE-2023-38193 | 1 Superwebmailer | 1 Superwebmailer | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. | |||||
| CVE-2023-38034 | 1 Ui | 47 U6-enterprise, U6-enterprise-iw, U6-extender and 44 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. | |||||
| CVE-2023-38027 | 1 Myspotcam | 2 Sense, Sense Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-37794 | 1 Wayos | 2 Fbm-291w, Fbm-291w Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. | |||||
| CVE-2023-37679 | 1 Nextgen | 1 Mirth Connect | 2024-11-21 | N/A | 9.8 CRITICAL |
| A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | |||||
| CVE-2023-37568 | 1 Elecom | 4 Wrc-1167gebk-s, Wrc-1167gebk-s Firmware, Wrc-1167ghbk-s and 1 more | 2024-11-21 | N/A | 8.0 HIGH |
| ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. | |||||
| CVE-2023-37567 | 1 Elecom | 2 Wrc-1167ghbk3-a, Wrc-1167ghbk3-a Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. | |||||
| CVE-2023-37566 | 1 Elecom | 4 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167ghbk3-a and 1 more | 2024-11-21 | N/A | 8.0 HIGH |
| Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. | |||||
| CVE-2023-37469 | 1 Icewhale | 1 Casaos | 2024-11-21 | N/A | 8.8 HIGH |
| CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue. | |||||
| CVE-2023-37214 | 1 Heights-t | 2 Ero1xs-pro, Ero1xs-pro Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. | |||||