Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13330 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | |||||
| CVE-2018-13318 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2019-10-02 | 6.5 MEDIUM | 7.2 HIGH |
| System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | |||||
| CVE-2018-13316 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. | |||||
| CVE-2018-13314 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | |||||
| CVE-2018-13311 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | |||||
| CVE-2018-13307 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. | |||||
| CVE-2018-13306 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | |||||
| CVE-2018-16144 | 1 Opsview | 1 Opsview | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter. | |||||
| CVE-2018-13320 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2019-10-02 | 6.5 MEDIUM | 7.2 HIGH |
| System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | |||||
| CVE-2018-13023 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2019-10-02 | 9.0 HIGH | 8.8 HIGH |
| System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. | |||||
| CVE-2018-12972 | 1 Opentsdb | 1 Opentsdb | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. | |||||
| CVE-2018-12692 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. | |||||
| CVE-2018-12313 | 1 Asustor | 2 As602t, Data Master | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. | |||||
| CVE-2018-1235 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege. | |||||
| CVE-2018-12268 | 1 Acccheck Project | 1 Acccheck.pl | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. | |||||
| CVE-2018-11510 | 1 Asustor | 1 Adm | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter. | |||||
| CVE-2018-1144 | 1 Belkin | 2 N750, N750 Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. | |||||
| CVE-2018-1143 | 1 Belkin | 2 N750, N750 Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. | |||||
| CVE-2018-11189 | 1 Quest | 1 Disk Backup | 2019-10-02 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | |||||
| CVE-2018-11188 | 1 Quest | 1 Disk Backup | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). | |||||