CVE-2024-7203

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-78
View all →

Vulnerability Description

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.

Related Vulnerabilities

CVE-2013-3322

HIGH
CVSS:7.2(High)

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.

CWE-782013

CVE-2015-2201

HIGH
CVSS:7.2(High)

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.

CWE-782015

CVE-2016-11021

HIGH
CVSS:7.2(High)

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.

CWE-782016

CVE-2016-11022

HIGH
CVSS:7.2(High)

NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_...

CWE-782016

CVE-2016-11054

HIGH
CVSS:7.2(High)

NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.

CWE-782016

CVE-2016-6373

HIGH
CVSS:7.2(High)

The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva005...

CWE-782016