Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2019-20680 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
| 2020-04-15 | CVE-2019-20659 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
| 2020-04-15 | CVE-2019-20655 | Command Injection vulnerability in Netgear Xr500 Firmware and Xr700 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.8 |
| 2020-04-15 | CVE-2019-20651 | Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.7 |
| 2020-04-15 | CVE-2020-11789 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 9.8 |
| 2020-04-15 | CVE-2020-11770 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.8 |
| 2020-04-15 | CVE-2020-10514 | Command Injection vulnerability in Icatchinc DVR Firmware iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command. | 8.8 |
| 2020-04-01 | CVE-2018-11106 | Command Injection vulnerability in Netgear products NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5. | 9.8 |
| 2020-03-30 | CVE-2019-9507 | Command Injection vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. | 7.2 |
| 2020-03-26 | CVE-2020-10826 | Command Injection vulnerability in Draytek products /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | 9.8 |