Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-39637 | Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05 D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. | 9.8 |
| 2023-09-11 | CVE-2023-38829 | Command Injection vulnerability in Netis-Systems Wf2409E Firmware 3.6.42541 An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | 8.8 |
| 2023-09-11 | CVE-2023-39780 | Command Injection vulnerability in Asus Rt-Ax55 Firmware 3.0.0.4.386.51598 ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability. | 8.8 |
| 2023-09-05 | CVE-2023-4310 | Command Injection vulnerability in Beyondtrust Privileged Remote Access and Remote Support BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. | 9.8 |
| 2023-08-25 | CVE-2023-40796 | Command Injection vulnerability in Phicomm K2 Firmware 22.6.529.216 Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call. | 7.8 |
| 2023-08-25 | CVE-2023-25649 | Command Injection vulnerability in ZTE Mf286R Firmware Crlvwrgbmf286Rv1.0.0B04 There is a command injection vulnerability in a mobile internet product of ZTE. | 8.8 |
| 2023-08-24 | CVE-2023-39834 | Command Injection vulnerability in Pbootcms PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. | 9.8 |
| 2023-08-22 | CVE-2020-22570 | Command Injection vulnerability in Memcached 1.6.0/1.6.1/1.6.2 Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | 7.5 |
| 2023-08-22 | CVE-2023-23564 | Command Injection vulnerability in Geomatika Isigeo web 6.0 An issue was discovered in Geomatika IsiGeo Web 6.0. | 8.8 |
| 2023-08-22 | CVE-2023-4212 | Command Injection vulnerability in Trane products ?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. | 6.8 |