Total
4387 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13316 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. | ||||
| CVE-2018-13314 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | ||||
| CVE-2018-13311 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | ||||
| CVE-2018-13307 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. | ||||
| CVE-2018-13306 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | ||||
| CVE-2018-13285 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | ||||
| CVE-2018-13023 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2024-11-21 | N/A |
| System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. | ||||
| CVE-2018-12972 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | N/A |
| An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. | ||||
| CVE-2018-12692 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-11-21 | N/A |
| TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. | ||||
| CVE-2018-12670 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | N/A |
| SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. | ||||
| CVE-2018-12591 | 1 Ubnt | 2 Edgeswitch, Edgeswitch Firmware | 2024-11-21 | N/A |
| Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions. | ||||
| CVE-2018-12577 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | N/A |
| The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. | ||||
| CVE-2018-12483 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | N/A |
| OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability. | ||||
| CVE-2018-12465 | 1 Microfocus | 1 Secure Messaging Gateway | 2024-11-21 | N/A |
| An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). | ||||
| CVE-2018-12317 | 1 Asustor | 2 As-602t, Data Master | 2024-11-21 | N/A |
| OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. | ||||
| CVE-2018-12316 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | N/A |
| OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter. | ||||
| CVE-2018-12313 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | N/A |
| OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. | ||||
| CVE-2018-12312 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | N/A |
| OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. | ||||
| CVE-2018-12307 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | N/A |
| OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. | ||||
| CVE-2018-12268 | 1 Acccheck Project | 1 Acccheck.pl | 2024-11-21 | N/A |
| acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. | ||||