Critical
CVE-2020-15123
In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly…
Tag: Command Injection
All CVEs associated with "Command Injection". Page 41/48 • 5730 CVEs.
Subscribe CVEs: RSS for “Command Injection” · RSS (High+Critical only)
About “Command Injection”
A curated feed of “Command Injection”-related CVEs appears below. We currently track 5730 CVEs for this tag (all time). In the last 365 days, 1683 were published. Average CVSS is 8.2 (all time; 7.8 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').
In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2020-07-20
2020-07-17
Critical
CVE-2020-5759
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a spec…
High
CVE-2020-5758
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a cra…
Critical
CVE-2020-5757
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute c…
High
CVE-2020-9688
Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
High
CVE-2020-11978
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any aut…
2020-07-15
Critical
CVE-2020-8178
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
Critical
CVE-2020-14505
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may al…
2020-07-14
Medium
CVE-2020-11084
In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing an…
2020-07-10
Critical
CVE-2020-8186
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.
2020-07-08
High
CVE-2020-2034
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires s…
High
CVE-2020-2030
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1…
2020-07-06
High
CVE-2020-5352
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on…
2020-07-01
Critical
CVE-2019-15310
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain…
2020-06-26
Critical
CVE-2020-9583
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrar…
Critical
CVE-2020-9582
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrar…
Critical
CVE-2020-9578
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrar…
Critical
CVE-2020-9576
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrar…
Medium
CVE-2020-9047
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterpr…
2020-06-25
Critical
CVE-2018-21268
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be n…
2020-06-24
Critical
CVE-2020-14472
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
2020-06-23
Critical
CVE-2020-12782
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.
2020-06-22
Critical
CVE-2020-13159
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
Low
CVE-2020-4066
In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains…
2020-06-18
High
CVE-2020-4059
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vu…
High
CVE-2020-14442
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15…
High
CVE-2020-14441
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15…
High
CVE-2020-14440
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15…
High
CVE-2020-14439
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15…
High
CVE-2020-14438
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15…
High
CVE-2020-14437
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15…
High
CVE-2020-14436
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15…
High
CVE-2020-14435
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.10…
Medium
CVE-2020-14434
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, R…
Medium
CVE-2020-14433
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RB…
2020-06-10
High
CVE-2020-2029
An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request t…
High
CVE-2020-2028
An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC…
High
CVE-2020-4432
Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API.…
2020-06-03
Medium
CVE-2020-3207
A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS…
High
CVE-2020-13782
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
High
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerabil…
2020-06-01
Critical
CVE-2014-8945
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
Critical
CVE-2014-7173
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.
High
CVE-2020-13448
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
2020-05-26
High
CVE-2020-12393
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted…
Critical
CVE-2020-8171
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the…
2020-05-19
High
CVE-2020-11766
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.
2020-05-13
High
CVE-2020-2014
An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of P…
High
CVE-2020-2010
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of P…
High
CVE-2020-2008
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system…
High
CVE-2020-2007
An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All…
2020-05-07
Critical
CVE-2020-7805
An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands.
High
CVE-2020-6651
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code e…
2020-05-04
High
CVE-2020-5332
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability t…
High
CVE-2020-12109
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1…
High
CVE-2020-12111
Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.
High
CVE-2020-1631
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an un…
2020-05-01
High
CVE-2020-7351
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "a…
2020-04-30
High
CVE-2019-19220
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).
High
CVE-2019-19217
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection.
2020-04-29
Critical
CVE-2019-5623
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').
Medium
CVE-2017-18856
NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection.
Medium
CVE-2017-18854
NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.
High
CVE-2020-12246
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute tra…
2020-04-28
Medium
CVE-2018-21225
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 be…
High
CVE-2018-21208
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.5…
2020-04-27
Medium
CVE-2018-21157
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R7500v2 be…
Medium
CVE-2018-21154
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 b…
Medium
CVE-2018-21152
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 be…
High
CVE-2018-21100
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
High
CVE-2018-21099
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
Medium
CVE-2018-21098
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
High
CVE-2020-11941
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
2020-04-24
Medium
CVE-2018-21228
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, EX6100v2 before 1.0.1.50, EX6150v2 before 1.0.1.50, EX6200v2 before 1.0.1.44, E…
Medium
CVE-2018-21227
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P b…
2020-04-23
High
CVE-2018-21164
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.64 and WNDR3700v5 before 1.1.0.54.
Critical
CVE-2018-21162
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R63…
Medium
CVE-2018-21110
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
Medium
CVE-2018-21109
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
Medium
CVE-2018-21108
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
Medium
CVE-2018-21107
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
Medium
CVE-2018-21106
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
Medium
CVE-2019-17101
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute comma…
Medium
CVE-2018-21105
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
Medium
CVE-2018-21104
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
Medium
CVE-2018-21103
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
High
CVE-2018-21101
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
High
CVE-2017-18737
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0…
High
CVE-2017-18736
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6…
High
CVE-2017-18735
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R…
High
CVE-2017-18734
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0…
2020-04-22
Medium
CVE-2020-7350
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's…
High
CVE-2018-21130
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
High
CVE-2018-21127
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
Medium
CVE-2017-18754
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.
High
CVE-2018-21126
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
High
CVE-2018-21123
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3…
Medium
CVE-2018-21119
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.5.4 and WAC510 before 5.0.5.4.
Medium
CVE-2017-18767
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 be…
High
CVE-2017-18764
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44,…
High
CVE-2017-18762
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R690…
Medium
CVE-2018-21114
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, E…
High
CVE-2018-21113
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R75…
Medium
CVE-2018-21112
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R900…
High
CVE-2017-18787
Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20,…
High
CVE-2017-18786
Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20,…
Medium
CVE-2017-18773
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500…
Medium
CVE-2017-18788
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 bef…
2020-04-21
Medium
CVE-2018-21146
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2…
Medium
CVE-2017-18801
Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50.
Medium
CVE-2017-18796
Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P befo…
Medium
CVE-2017-18795
Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50.
High
CVE-2017-18794
Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R…
Medium
CVE-2017-18793
NETGEAR R7800 devices before 1.0.2.36 are affected by command injection.
High
CVE-2017-18792
NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.
Medium
CVE-2017-18805
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.…
Medium
CVE-2017-18804
Certain NETGEAR devices are affected by command injection. This affects R7800 before 1.0.2.16 and R9000 before 1.0.2.4.
Medium
CVE-2017-18802
Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7…
Medium
CVE-2017-18806
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.…
2020-04-20
High
CVE-2017-18849
Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 befor…