Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-43206 | Command Injection vulnerability in Dlink Dwl-6610Ap Firmware 4.3.0.8B003C D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. | 9.8 |
| 2023-09-20 | CVE-2023-43207 | Command Injection vulnerability in Dlink Dwl-6610Ap Firmware 4.3.0.8B003C D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. | 9.8 |
| 2023-09-20 | CVE-2023-43477 | Command Injection vulnerability in Telstra Arcadyan Lh1000 Firmware The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. | 8.8 |
| 2023-09-18 | CVE-2023-33831 | Command Injection vulnerability in Frangoteam Fuxa 1.1.13 A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. | 9.8 |
| 2023-09-18 | CVE-2023-34999 | Command Injection vulnerability in Bosch RTS Vlink Virtual Matrix 5.0.0/6.0.0 A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. | 7.2 |
| 2023-09-14 | CVE-2023-39638 | Command Injection vulnerability in Dlink Dir-859 A1 Firmware 1.05/1.06 D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. | 9.8 |
| 2023-09-14 | CVE-2023-41011 | Command Injection vulnerability in Chinamobile Intelligent Home Gateway Firmware Hg6543C4 Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component. | 9.8 |
| 2023-09-12 | CVE-2023-3710 | Command Injection vulnerability in Honeywell Pm43 Firmware Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. | 9.8 |
| 2023-09-12 | CVE-2023-39637 | Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05 D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. | 9.8 |
| 2023-09-11 | CVE-2023-38829 | Command Injection vulnerability in Netis-Systems Wf2409E Firmware 3.6.42541 An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | 8.8 |