CVE-2018-3963

Severity: Critical
Year: 2018
CVSS v3 Score: 9.0 (Critical)
CVSS v2 Score: 7.7 (High)

Vulnerability Description

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.

CVSS: 9.0 (Critical)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS...

CWE-77, 2021

CVSS: 9.0 (Critical)

With only one user interaction (download a malicious config), attackers can gain full command execution on the victim system.

CWE-77, 2023

CVSS: 9.0 (Critical)

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_inf...

CWE-77, 2024

CVSS: 9.0 (Critical)

DIR-845L router <= v1.01KRb03 has an unauthenticated remote code execution vulnerability in the cgibin binary via the soapcgi_main function.

CWE-77, 2024

CVSS: 9.0 (Critical)

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point manage...

CWE-77, 2024

CVSS: 9.1 (Critical)

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitr...

CWE-77, 2016