CVE-2024-34338

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-77
View all →

Vulnerability Description

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.

Related Vulnerabilities

CVE-2015-4046

HIGH
CVSS:7.2(High)

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.

CWE-772015

CVE-2016-6656

HIGH
CVSS:7.2(High)

An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order...

CWE-772016

CVE-2016-8801

HIGH
CVSS:7.2(High)

Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command ...

CWE-772016

CVE-2016-9553

HIGH
CVSS:7.2(High)

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/...

CWE-772016

CVE-2016-9554

HIGH
CVSS:7.2(High)

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur...

CWE-772016

CVE-2017-12075

HIGH
CVSS:7.2(High)

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.

CWE-772017