Total
3312 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43510 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.7 Medium |
| A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | ||||
| CVE-2023-43477 | 1 Telstra | 2 Arcadyan Lh1000, Arcadyan Lh1000 Firmware | 2024-11-21 | 6.8 Medium |
| The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. | ||||
| CVE-2023-43455 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | ||||
| CVE-2023-43453 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | ||||
| CVE-2023-43322 | 1 Zpesystems | 1 Nodegrid Os | 2024-11-21 | 8.8 High |
| ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | ||||
| CVE-2023-43207 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | 8 High |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. | ||||
| CVE-2023-43206 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | 8 High |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter. | ||||
| CVE-2023-43204 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | 8 High |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter. | ||||
| CVE-2023-43202 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | 8 High |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. | ||||
| CVE-2023-43138 | 2 Tp-link, Tplink | 3 Tl-er5120g, Tl-er5120g Firmware, Tl-er5120g | 2024-11-21 | 8.8 High |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | ||||
| CVE-2023-43137 | 2 Tp-link, Tplink | 3 Tl-er5120g, Tl-er5120g Firmware, Tl-er5120g | 2024-11-21 | 8.8 High |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | ||||
| CVE-2023-43128 | 2 D-link, Dlink | 4 Dir-806 1200m11ac, Dir806a1 Fw100cnb11, Dir-806 and 1 more | 2024-11-21 | 9.8 Critical |
| D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters. | ||||
| CVE-2023-42810 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 9.8 Critical |
| systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only). | ||||
| CVE-2023-42326 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2024-11-21 | 8.8 High |
| An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | ||||
| CVE-2023-42136 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2024-11-21 | 7.8 High |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability. | ||||
| CVE-2023-41303 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified. | ||||
| CVE-2023-41283 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.5 Medium |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-41031 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 8 High |
| Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint. | ||||
| CVE-2023-41029 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 8 High |
| Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint. | ||||
| CVE-2023-41011 | 2 China Mobile Communications, Chinamobile | 3 China Mobile Intelligent Home Gateway, Intelligent Home Gateway, Intelligent Home Gateway Firmware | 2024-11-21 | 9.8 Critical |
| Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component. | ||||