Search
Total
2443 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20217 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | |||||
| CVE-2019-20216 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | |||||
| CVE-2013-2060 | 1 Redhat | 1 Openshift | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | |||||
| CVE-2019-19509 | 1 Rconfig | 1 Rconfig | 2020-01-30 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. | |||||
| CVE-2019-10780 | 1 Bibtex-ruby Project | 1 Bibtex-ruby | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. | |||||
| CVE-2013-2612 | 1 Huawei | 2 E587, E587 Firmware | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. | |||||
| CVE-2012-4981 | 1 Toshiba | 1 Configfree | 2020-01-30 | 6.8 MEDIUM | 8.8 HIGH |
| Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability | |||||
| CVE-2020-7594 | 1 Multitech | 2 Conduit Mtcdt-lvw2-246a, Conduit Mtcdt-lvw2-246a Firmware | 2020-01-29 | 9.0 HIGH | 7.2 HIGH |
| MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | |||||
| CVE-2020-7980 | 1 Intelliantech | 1 Aptus Web | 2020-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. | |||||
| CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | |||||
| CVE-2019-19841 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. | |||||
| CVE-2019-19842 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. | |||||
| CVE-2020-7244 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
| CVE-2020-7243 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
| CVE-2020-7242 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
| CVE-2019-10958 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | |||||
| CVE-2019-10956 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | |||||
| CVE-2019-20224 | 1 Artica | 1 Pandora Fms | 2020-01-24 | 9.0 HIGH | 8.8 HIGH |
| netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742. | |||||
| CVE-2020-1605 | 1 Juniper | 1 Junos | 2020-01-24 | 8.3 HIGH | 8.8 HIGH |
| When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode. | |||||
| CVE-2020-1602 | 1 Juniper | 1 Junos | 2020-01-24 | 8.3 HIGH | 8.8 HIGH |
| When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode. | |||||
| CVE-2019-19838 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-23 | 10.0 HIGH | 9.8 CRITICAL |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. | |||||
| CVE-2019-19839 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-23 | 10.0 HIGH | 9.8 CRITICAL |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. | |||||
| CVE-2020-1609 | 1 Juniper | 1 Junos | 2020-01-22 | 8.3 HIGH | 8.8 HIGH |
| When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode. | |||||
| CVE-2019-17621 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2020-01-22 | 10.0 HIGH | 9.8 CRITICAL |
| The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | |||||
| CVE-2019-17650 | 1 Fortinet | 1 Forticlient | 2020-01-22 | 7.2 HIGH | 7.8 HIGH |
| An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. | |||||
| CVE-2019-18894 | 1 Avast | 1 Premium Security | 2020-01-21 | 9.3 HIGH | 7.8 HIGH |
| In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox. | |||||
| CVE-2019-9197 | 2 Microsoft, Unity3d | 2 Windows, Unity Editor | 2020-01-17 | 6.8 MEDIUM | 8.8 HIGH |
| The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. | |||||
| CVE-2012-5693 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2020-01-17 | 8.3 HIGH | 8.8 HIGH |
| Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878. | |||||
| CVE-2014-2650 | 1 Atos | 30 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 27 more | 2020-01-17 | 10.0 HIGH | 9.8 CRITICAL |
| Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface | |||||
| CVE-2019-20348 | 1 Okerthai | 2 G232v1, G232v1 Firmware | 2020-01-15 | 7.2 HIGH | 6.8 MEDIUM |
| OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks. | |||||
| CVE-2012-5878 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2020-01-15 | 10.0 HIGH | 9.8 CRITICAL |
| Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl. | |||||
| CVE-2019-5987 | 1 Anglers-net | 1 Cgi An-anlyzer | 2020-01-14 | 9.0 HIGH | 8.8 HIGH |
| Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page. | |||||
| CVE-2016-11017 | 1 Akips | 1 Network Monitor | 2020-01-14 | 10.0 HIGH | 9.8 CRITICAL |
| The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6. | |||||
| CVE-2018-11805 | 2 Apache, Debian | 2 Spamassassin, Debian Linux | 2020-01-13 | 7.2 HIGH | 6.7 MEDIUM |
| In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places. | |||||
| CVE-2019-10777 | 1 Amazon | 1 Aws Lambda | 2020-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName". | |||||
| CVE-2020-5179 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-13 | 9.0 HIGH | 7.2 HIGH |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
| CVE-2019-10778 | 1 Devcert-sanscache Project | 1 Devcert-sanscache | 2020-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization. | |||||
| CVE-2019-10776 | 1 Git-diff-apply Project | 1 Git-diff-apply | 2020-01-12 | 7.5 HIGH | 9.8 CRITICAL |
| In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2. | |||||
| CVE-2019-15979 | 1 Cisco | 1 Data Center Network Manager | 2020-01-08 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | |||||
| CVE-2019-6013 | 1 Dlink | 2 Dba-1510p, Dba-1510p Firmware | 2020-01-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). | |||||
| CVE-2019-6014 | 1 Dlink | 2 Dba-1510p, Dba-1510p Firmware | 2020-01-07 | 8.3 HIGH | 8.8 HIGH |
| DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. | |||||
| CVE-2019-20197 | 1 Nagios | 1 Nagios Xi | 2020-01-07 | 9.0 HIGH | 8.8 HIGH |
| In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | |||||
| CVE-2019-10774 | 1 Php-shellcommand Project | 1 Php-shellcommand | 2020-01-03 | 10.0 HIGH | 9.8 CRITICAL |
| php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-18830 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2019-12-23 | 10.0 HIGH | 9.8 CRITICAL |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. | |||||
| CVE-2019-11399 | 1 Trendnet | 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more | 2019-12-23 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. | |||||
| CVE-2019-8513 | 1 Apple | 1 Mac Os X | 2019-12-22 | 7.2 HIGH | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands. | |||||
| CVE-2019-17270 | 1 Yachtcontrol | 1 Yachtcontrol | 2019-12-19 | 10.0 HIGH | 9.8 CRITICAL |
| Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's. | |||||
| CVE-2019-16733 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2019-12-18 | 10.0 HIGH | 9.8 CRITICAL |
| processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||
| CVE-2019-16737 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2019-12-18 | 10.0 HIGH | 9.8 CRITICAL |
| The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||
| CVE-2019-17364 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2019-12-18 | 10.0 HIGH | 9.8 CRITICAL |
| The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||