Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-02-17 CVE-2020-7848 Command Injection vulnerability in Iptime C200 Firmware 1.0.12
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script.
low complexity
iptime CWE-77
7.7
2021-02-15 CVE-2020-24899 Command Injection vulnerability in Nagios XI 5.7.2
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability.
network
low complexity
nagios CWE-77
6.5
2021-02-12 CVE-2020-27867 Command Injection vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 firmware version 1.2.0.62_1.0.1 routers.
low complexity
netgear CWE-77
7.7
2021-02-12 CVE-2020-27864 Command Injection vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders.
low complexity
dlink CWE-77
8.3
2021-02-12 CVE-2020-27862 Command Injection vulnerability in Dlink Dsl-2888A Firmware and Dva-2800 Firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A firmware version 2.3 routers.
low complexity
dlink CWE-77
5.8
2021-02-11 CVE-2021-21976 Command Injection vulnerability in VMWare Vsphere Replication
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.
network
low complexity
vmware CWE-77
6.5
2021-02-09 CVE-2020-13117 Command Injection vulnerability in Wavlink Wn575A4 Firmware and Wn579X3 Firmware
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
network
low complexity
wavlink CWE-77
critical
10.0
2021-02-08 CVE-2021-26576 Command Injection vulnerability in HPE Baseboard Management Controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.
local
low complexity
hpe CWE-77
7.2
2021-02-08 CVE-2021-25172 Command Injection vulnerability in HPE Baseboard Management Controller
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.
local
low complexity
hpe CWE-77
7.2
2021-02-08 CVE-2021-26541 Command Injection vulnerability in Gitlog Project Gitlog
The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.
network
low complexity
gitlog-project CWE-77
7.5