CVE-2024-53919

CVSS v3 Score: 7.6 (High)

Vulnerability Description

An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root.

CVSS: 7.6 (High)

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into appl...

CWE-77 2015
CVSS: 7.6 (High)

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.

CWE-77 2019
CVSS: 7.6 (High)

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected de...

CWE-77 2019
CVSS: 7.6 (High)

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected de...

CWE-77 2019
CVSS: 7.6 (High)

NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.

CWE-77 2019
CVSS: 7.6 (High)

Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may...

CWE-77 2022