Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- |
| 2023-08-15 | CVE-2023-38866 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. | comfast | CWE-77 | network, low complexity, critical, 9.8 |
| 2023-08-15 | CVE-2023-38861 | Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware R75A3V1410220513 | An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. | wavlink | CWE-77 | network, low complexity, critical, 9.8 |
| 2023-08-15 | CVE-2023-38862 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. | comfast | CWE-77 | network, low complexity, critical, 9.8 |
| 2023-08-15 | CVE-2023-38863 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. | comfast | CWE-77 | network, low complexity, critical, 9.8 |
| 2023-08-15 | CVE-2023-38865 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. | comfast | CWE-77 | network, low complexity, critical, 9.8 |
| 2023-08-14 | CVE-2023-39293 | Command Injection vulnerability in Mitel products | A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. | mitel | CWE-77 | network, low complexity, critical, 9.8 |
| 2023-08-14 | CVE-2023-40293 | Command Injection vulnerability in Samsung Harman Infotainment 20190525031613 | Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object. | samsung | CWE-77 | low complexity, 6.8 |
| 2023-08-10 | CVE-2023-38034 | Command Injection vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware | A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier); All UniFi Switches (Version 6.5.32 and earlier), USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. | ui | CWE-77 | network, low complexity, critical, 9.8 |
| 2023-08-09 | CVE-2023-39001 | Command Injection vulnerability in Opnsense | A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | opnsense | CWE-77 | network, low complexity, critical, 9.8 |
| 2023-08-09 | CVE-2023-39008 | Command Injection vulnerability in Opnsense | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | opnsense | CWE-77 | network, low complexity, critical, 9.8 |