CVE-2024-47460

CRITICAL Year: 2024
CVSS v3 Score: 9.0 (Critical)

Vulnerability Description

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVSS: 9.0 (Critical)

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into th...

CWE-77, Year: 2018
CVSS: 9.0 (Critical)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS...

CWE-77, Year: 2021
CVSS: 9.0 (Critical)

With only one user interaction (downloading a malicious config), attackers can gain full command execution on the victim system.

CWE-77, Year: 2023
CVSS: 9.0 (Critical)

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_inf...

CWE-77, Year: 2024
CVSS: 9.0 (Critical)

The DIR-845L router <= v1.01KRb03 has an unauthenticated remote code execution vulnerability in the cgibin binary via the soapcgi_main function.

CWE-77, Year: 2024
CVSS: 9.1 (Critical)

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitr...

CWE-77, Year: 2016