CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-40089
https://notcve.org/view.php?id=CVE-2024-40089
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. • http://vilo.com https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40089.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41714
https://notcve.org/view.php?id=CVE-2024-41714
A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0021 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48659
https://notcve.org/view.php?id=CVE-2024-48659
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. • https://gist.github.com/CLan-nad/a879f7696a58656b384c46bf4ba74e80 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.6EPSS: 0%CPEs: -EXPL: 1CVE-2024-35315
https://notcve.org/view.php?id=CVE-2024-35315
A successful exploit could allow an attacker to run arbitrary code with elevated privileges. • https://github.com/ewilded/CVE-2024-35315-POC https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0016 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-41712
https://notcve.org/view.php?id=CVE-2024-41712
A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0022 • CWE-94: Improper Control of Generation of Code ('Code Injection') •