Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-21 | CVE-2023-42810 | Command Injection vulnerability in Systeminformation systeminformation is a System Information Library for Node.JS. | 9.8 |
| 2023-09-20 | CVE-2023-43137 | Command Injection vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | 8.8 |
| 2023-09-20 | CVE-2023-43138 | Command Injection vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | 8.8 |
| 2023-09-20 | CVE-2023-43202 | Command Injection vulnerability in Dlink Dwl-6610Ap Firmware 4.3.0.8B003C D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. | 9.8 |
| 2023-09-20 | CVE-2023-43204 | Command Injection vulnerability in Dlink Dwl-6610Ap Firmware 4.3.0.8B003C D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. | 9.8 |
| 2023-09-20 | CVE-2023-43206 | Command Injection vulnerability in Dlink Dwl-6610Ap Firmware 4.3.0.8B003C D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. | 9.8 |
| 2023-09-20 | CVE-2023-43207 | Command Injection vulnerability in Dlink Dwl-6610Ap Firmware 4.3.0.8B003C D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. | 9.8 |
| 2023-09-20 | CVE-2023-43477 | Command Injection vulnerability in Telstra Arcadyan Lh1000 Firmware The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. | 8.8 |
| 2023-09-18 | CVE-2023-33831 | Command Injection vulnerability in Frangoteam Fuxa 1.1.13 A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. | 9.8 |
| 2023-09-18 | CVE-2023-34999 | Command Injection vulnerability in Bosch RTS Vlink Virtual Matrix 5.0.0/6.0.0 A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. | 7.2 |