CVE-2024-22900
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardIn
CVSS
8.8
Alto
EPSS
1.9%
p77
KEV
—
Exploit Today
23
0-100
Publicado: 2 feb 2024 · Última mod.: 9 jul 2026 · CWE-77
1.9%EPSS · 30 días1.9%
2026-06-302026-07-16
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.
- blog.leakix.nethttps://blog.leakix.net/2024/01/vinchin-backup-rce-chain/
- seclists.orghttps://seclists.org/fulldisclosure/2024/Jan/29
- packetstormsecurity.comhttp://packetstormsecurity.com/files/176788/Vinchin-Backup-And-Recovery-7.2-setNetworkCardInfo-Command-Injection.html
- seclists.orghttp://seclists.org/fulldisclosure/2024/Jan/26
- blog.leakix.nethttps://blog.leakix.net/2024/01/vinchin-backup-rce-chain/
- seclists.orghttps://seclists.org/fulldisclosure/2024/Jan/29
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2023-349609.8 CRÍ99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.8dCVE-2023-376799.8 CRÍ99.9%
——30A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.8dCVE-2026-80379.6 CRÍ98.6%
——30OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints3dCVE-2022-457018.8 ALT98.5%
——30Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.8dCVE-2023-337828.8 ALT98.3%
——30D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.8d