Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-16 | CVE-2023-21413 | Command Injection vulnerability in Axis OS GoSecure on behalf of Genetec Inc. | 7.2 |
| 2023-10-16 | CVE-2023-36953 | Command Injection vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594B20200910 TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | 9.8 |
| 2023-10-16 | CVE-2023-36954 | Command Injection vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594B20200910 TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | 9.8 |
| 2023-10-14 | CVE-2023-26155 | Command Injection vulnerability in Nrhirani Node-Qpdf All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. | 9.8 |
| 2023-10-14 | CVE-2023-45852 | Command Injection vulnerability in Viessmann Vitogate 300 Firmware 2.1.3.0 In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. | 9.8 |
| 2023-10-13 | CVE-2023-45465 | Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | 9.8 |
| 2023-10-13 | CVE-2023-45466 | Command Injection vulnerability in Netis-Systems N3Mv2 Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | 9.8 |
| 2023-10-11 | CVE-2023-32632 | Command Injection vulnerability in Yifanwireless Yf325 Firmware 1.020221108 A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. | 9.8 |
| 2023-10-11 | CVE-2023-26319 | Command Injection vulnerability in MI Xiaomi Router Ax3200 Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 7.2 |
| 2023-10-11 | CVE-2023-26320 | Command Injection vulnerability in MI Xiaomi Router Ax3200 Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 8.1 |