CVE-2023-27407

CRITICAL Year: 2023
CVSS v3 Score
9.9
Critical
Weakness Type
CWE-77
View all →

Vulnerability Description

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.

Related Vulnerabilities

CVE-2016-2396

CRITICAL
CVSS:9.9(Critical)

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vec...

CWE-772016

CVE-2022-26042

CRITICAL
CVSS:9.9(Critical)

An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. A...

CWE-772022

CVE-2022-26085

CRITICAL
CVSS:9.9(Critical)

An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An a...

CWE-772022

CVE-2022-36786

CRITICAL
CVSS:9.9(Critical)

DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this ...

CWE-772022

CVE-2022-46641

CRITICAL
CVSS:9.9(Critical)

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.

CWE-772022

CVE-2022-46642

CRITICAL
CVSS:9.9(Critical)

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.

CWE-772022