Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2023-46485 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-31 CVE-2023-46993 Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-31 CVE-2023-46976 Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-31 CVE-2023-46979 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-28 CVE-2023-43322 Command Injection vulnerability in Zpesystems Nodegrid OS
ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.
network
low complexity
zpesystems CWE-77
8.8
8.8
2023-10-27 CVE-2023-45498 Command Injection vulnerability in Vinchin Backup and Recovery
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.
network
low complexity
vinchin CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46408 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46409 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46410 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-10-25 CVE-2023-46411 Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8