Total
2556 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32664 | 1 Mediatek | 7 En7516, En7528, En7529 and 4 more | 2025-04-10 | 8.8 High |
| In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929. | ||||
| CVE-2024-51304 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8.8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. | ||||
| CVE-2024-51257 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8.8 High |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. | ||||
| CVE-2024-51296 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8.8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. | ||||
| CVE-2024-51299 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8.8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. | ||||
| CVE-2024-51300 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8.8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. | ||||
| CVE-2024-51301 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8.8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. | ||||
| CVE-2024-51258 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8.8 High |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. | ||||
| CVE-2024-51254 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8.8 High |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. | ||||
| CVE-2024-51259 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 9.8 Critical |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. | ||||
| CVE-2024-51255 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 9.8 Critical |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. | ||||
| CVE-2024-51260 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 9.8 Critical |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. | ||||
| CVE-2022-39088 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39087 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39086 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39085 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2024-48153 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 9.8 Critical |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | ||||
| CVE-2024-30891 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-10 | 8.8 High |
| A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. | ||||
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2025-04-10 | 9.8 Critical |
| There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | ||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | 7.4 High |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | ||||