Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-17 | CVE-2023-34213 | Command Injection vulnerability in Moxa Tn-5900 Firmware 3.1/3.2/3.3 TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. | 9.8 |
| 2023-08-17 | CVE-2023-34214 | Command Injection vulnerability in Moxa Tn-4900 Firmware and Tn-5900 Firmware TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. | 9.8 |
| 2023-08-16 | CVE-2023-20013 | Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9 Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. | 9.1 |
| 2023-08-16 | CVE-2023-20017 | Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9 Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. | 9.1 |
| 2023-08-16 | CVE-2023-20237 | Command Injection vulnerability in Cisco Intersight Virtual Appliance A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. | 4.3 |
| 2023-08-16 | CVE-2023-20209 | Command Injection vulnerability in Cisco Telepresence Video Communication Server 14.0/14.0.5/14.0.7 A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 7.2 |
| 2023-08-15 | CVE-2023-38864 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. | 9.8 |
| 2023-08-15 | CVE-2023-38866 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. | 9.8 |
| 2023-08-15 | CVE-2023-38861 | Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware R75A3V1410220513 An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. | 9.8 |
| 2023-08-15 | CVE-2023-38862 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. | 9.8 |