Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-49437 | Command Injection vulnerability in Tenda Ax12 Firmware 22.03.01.46 Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 |
| 2023-12-04 | CVE-2023-24046 | Command Injection vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256 An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. | 6.8 |
| 2023-12-01 | CVE-2023-48801 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | 9.8 |
| 2023-12-01 | CVE-2023-48842 | Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware 101B03 D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. | 9.8 |
| 2023-12-01 | CVE-2023-43453 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116/9.4.0Cu.852B20230719 An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | 9.8 |
| 2023-12-01 | CVE-2023-43454 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116/9.4.0Cu.852B20230719 An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | 9.8 |
| 2023-12-01 | CVE-2023-43455 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116/9.4.0Cu.852B20230719 An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | 9.8 |
| 2023-11-30 | CVE-2023-6071 | Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3/11.6.7/11.6.8 An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. | 7.2 |
| 2023-11-27 | CVE-2023-49040 | Command Injection vulnerability in Tenda Ax1803 Firmware 1.0.0.1 An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. | 9.8 |
| 2023-11-23 | CVE-2023-49213 | Command Injection vulnerability in Ironmansoftware Powershell Universal The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. | 8.8 |