Total
2378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51296 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. | |||||
| CVE-2024-51299 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. | |||||
| CVE-2024-51300 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. | |||||
| CVE-2024-51301 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. | |||||
| CVE-2024-51258 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. | |||||
| CVE-2024-51254 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. | |||||
| CVE-2024-51259 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. | |||||
| CVE-2024-51255 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. | |||||
| CVE-2024-51260 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. | |||||
| CVE-2024-48153 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | |||||
| CVE-2024-30891 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. | |||||
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | |||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | N/A | 7.4 HIGH |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | |||||
| CVE-2025-25632 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. | |||||
| CVE-2025-22912 | 1 Edimax | 2 Re11s, Re11s Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. | |||||
| CVE-2025-22949 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. | |||||
| CVE-2025-27083 | 2025-04-09 | N/A | 7.2 HIGH | ||
| Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2024-32282 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-09 | N/A | 6.3 MEDIUM |
| Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | |||||
| CVE-2024-34204 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | |||||
| CVE-2024-34206 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 6.5 MEDIUM |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | |||||