Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24153 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-10 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-24152 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-24151 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-24150 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-24154 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | |||||
| CVE-2023-24156 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-0638 | 1 Trendnet | 2 Tew-811dru, Tew-811dru Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-24157 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-0640 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. | |||||
| CVE-2023-24148 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. | |||||
| CVE-2023-22657 | 1 F5 | 2 F5os-a, F5os-c | 2023-02-09 | N/A | 7.8 HIGH |
| On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-0646 | 1 Dst-admin Project | 1 Dst-admin | 2023-02-09 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability. | |||||
| CVE-2023-0647 | 1 Dst-admin Project | 1 Dst-admin | 2023-02-09 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0649 | 1 Dst-admin Project | 1 Dst-admin | 2023-02-09 | N/A | 7.5 HIGH |
| A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036. | |||||
| CVE-2023-0648 | 1 Dst-admin Project | 1 Dst-admin | 2023-02-09 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035. | |||||
| CVE-2023-0611 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2023-02-08 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935. | |||||
| CVE-2022-45095 | 1 Dell | 1 Emc Powerscale Onefs | 2023-02-08 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion. | |||||
| CVE-2022-25916 | 1 Mt7688-wiscan Project | 1 Mt7688-wiscan | 2023-02-08 | N/A | 7.8 HIGH |
| Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. | |||||
| CVE-2023-24612 | 1 Pdfbook Project | 1 Pdfbook | 2023-02-07 | N/A | 9.8 CRITICAL |
| The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. | |||||
| CVE-2022-48107 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2023-02-07 | N/A | 9.8 CRITICAL |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||||