CVE-2024-44072

MEDIUM Year: 2024
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-78
View all →

Vulnerability Description

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.

Related Vulnerabilities

CVE-2023-50358

MEDIUM
CVSS:5.8(Medium)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have a...

CWE-782023

CVE-2020-7789

MEDIUM
CVSS:5.6(Medium)

This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

CWE-782020

CVE-2021-24033

MEDIUM
CVSS:5.6(Medium)

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts...

CWE-782021

CVE-2016-6459

MEDIUM
CVSS:5.5(Medium)

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CS...

CWE-782016

CVE-2016-7844

MEDIUM
CVSS:5.5(Medium)

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.

CWE-782016

CVE-2019-14337

MEDIUM
CVSS:5.5(Medium)

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin...

CWE-782019