Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-05-22 CVE-2017-6650 Command Injection vulnerability in Cisco Nx-Os
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-77
7.8
2017-05-22 CVE-2017-6649 Command Injection vulnerability in Cisco Nx-Os
A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-77
7.8
2017-05-19 CVE-2017-6048 Command Injection vulnerability in Satel-Iberia products
A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior.
network
low complexity
satel-iberia CWE-77
8.8
2017-05-12 CVE-2016-10329 Command Injection vulnerability in Synology Photo Station
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
network
low complexity
synology CWE-77
critical
9.8
2017-05-02 CVE-2015-8257 Command Injection vulnerability in Axis Network Camera Firmware
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
network
low complexity
axis CWE-77
8.8
2017-04-24 CVE-2017-2324 Command Injection vulnerability in Juniper Northstar Controller 2.1.0
A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition.
network
low complexity
juniper CWE-77
5.3
2017-04-21 CVE-2016-1555 Command Injection vulnerability in Netgear products
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
network
low complexity
netgear CWE-77
critical
9.8
2017-04-12 CVE-2017-7722 Command Injection vulnerability in Solarwinds LOG & Event Manager 6.3.1
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password).
network
low complexity
solarwinds CWE-77
critical
10.0
2017-04-11 CVE-2017-7689 Command Injection vulnerability in Schneider-Electric Homelynk Controller Lss100100 Firmware 1.3.0
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.
network
low complexity
schneider-electric CWE-77
critical
9.8
2017-04-11 CVE-2016-4989 Command Injection vulnerability in multiple products
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0