CVE-2024-48459

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-78
View all →

Vulnerability Description

A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a malicious payload to execute commands and further obtain shell access to the router's file system with the highest privileges.

Related Vulnerabilities

CVE-2019-18934

HIGH
CVSS:7.3(High)

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was ...

CWE-782019

CVE-2020-28426

HIGH
CVSS:7.3(High)

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

CWE-782020

CVE-2020-7778

HIGH
CVSS:7.3(High)

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

CWE-782020

CVE-2021-23380

HIGH
CVSS:7.3(High)

This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exec...

CWE-782021

CVE-2021-33633

HIGH
CVSS:7.3(High)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated wit...

CWE-782021

CVE-2021-43266

HIGH
CVSS:7.3(High)

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 2...

CWE-782021