Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2023-46976 Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-31 CVE-2023-46979 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-28 CVE-2023-43322 Command Injection vulnerability in Zpesystems Nodegrid OS
ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.
network
low complexity
zpesystems CWE-77
8.8
8.8
2023-10-27 CVE-2023-45498 Command Injection vulnerability in Vinchin Backup and Recovery 6.5.0.17561
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.
network
low complexity
vinchin CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46408 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46409 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46410 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46411 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46412 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46413 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8