Total
5729 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1362 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 5 Medium |
| The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. | ||||
| CVE-2022-25171 | 1 P4 Project | 1 P4 | 2025-04-16 | 7.4 High |
| The package p4 before 0.0.7 are vulnerable to Command Injection via the run() function due to improper input sanitization | ||||
| CVE-2019-25024 | 1 Alleghenycreative | 1 Openrepeater | 2025-04-16 | 9.8 Critical |
| OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. | ||||
| CVE-2022-24431 | 1 Abacus-ext-cmdline Project | 1 Abacus-ext-cmdline | 2025-04-15 | 7.4 High |
| All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization. | ||||
| CVE-2022-3183 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2025-04-15 | 9.8 Critical |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability. | ||||
| CVE-2021-40408 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 9.8 Critical |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. | ||||
| CVE-2021-40409 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 9.8 Critical |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. | ||||
| CVE-2021-40410 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.2 High |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. | ||||
| CVE-2021-40411 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.2 High |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. | ||||
| CVE-2021-40412 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.2 High |
| An OScommand injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection. | ||||
| CVE-2022-26007 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 7.2 High |
| An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26042 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26075 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26085 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2022-26420 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26518 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-33312 | 1 Robustel | 2 R1510, R1510 Firmware | 2025-04-15 | 9.8 Critical |
| Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_cert_file/` API is affected by command injection vulnerability. | ||||
| CVE-2022-33313 | 1 Robustel | 2 R1510, R1510 Firmware | 2025-04-15 | 9.8 Critical |
| Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability. | ||||
| CVE-2022-33314 | 1 Robustel | 2 R1510, R1510 Firmware | 2025-04-15 | 9.8 Critical |
| Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_sdk_file/` API is affected by command injection vulnerability. | ||||
| CVE-2022-33325 | 1 Robustel | 2 R1510, R1510 Firmware | 2025-04-15 | 9.8 Critical |
| Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/clear_tools_log/` API is affected by command injection vulnerability. | ||||