CVE-2023-38034

HIGH Year: 2023
CVSS v3 Score
8.3
High
Weakness Type
CWE-77
View all →

Vulnerability Description

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.

Related Vulnerabilities

CVE-2020-11789

HIGH
CVSS:8.3(High)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and...

CWE-772020

CVE-2024-34347

HIGH
CVSS:8.3(High)

@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, t...

CWE-772024

CVE-2024-37569

HIGH
CVSS:8.3(High)

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The...

CWE-772024

CVE-2024-41637

HIGH
CVSS:8.3(High)

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands wi...

CWE-772024

CVE-2025-43012

HIGH
CVSS:8.3(High)

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

CWE-772025

CVE-2020-14433

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS...

CWE-772020