Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2023-08-15 | CVE-2023-38863 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 | network, low complexity, critical, 9.8
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
Vendor / CWE: comfast, CWE-77

2023-08-15 | CVE-2023-38865 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 | network, low complexity, critical, 9.8
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0.
Vendor / CWE: comfast, CWE-77

2023-08-14 | CVE-2023-39293 | Command Injection vulnerability in Mitel products | network, low complexity, critical, 9.8
A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system.
Vendor / CWE: mitel, CWE-77

2023-08-14 | CVE-2023-40293 | Command Injection vulnerability in Samsung Harman Infotainment 20190525031613 | low complexity, 6.8
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.
Vendor / CWE: samsung, CWE-77

2023-08-10 | CVE-2023-38034 | Command Injection vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware | network, low complexity, critical, 9.8
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier); All UniFi Switches (Version 6.5.32 and earlier), USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
Vendor / CWE: ui, CWE-77

2023-08-09 | CVE-2023-39001 | Command Injection vulnerability in Opnsense | network, low complexity, critical, 9.8
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file.
Vendor / CWE: opnsense, CWE-77

2023-08-09 | CVE-2023-39008 | Command Injection vulnerability in Opnsense | network, low complexity, critical, 9.8
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.
Vendor / CWE: opnsense, CWE-77

2023-08-09 | CVE-2023-32781 | Command Injection vulnerability in Paessler Prtg Network Monitor | network, low complexity, 7.2
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor.
Vendor / CWE: paessler, CWE-77

2023-08-09 | CVE-2023-32782 | Command Injection vulnerability in Paessler Prtg Network Monitor | network, low complexity, 7.2
A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor.
Vendor / CWE: paessler, CWE-77

2023-08-09 | CVE-2023-26310 | Command Injection vulnerability in Oppo Coloros 12.3 | network, low complexity, critical, 9.8
There is a command injection problem in the old version of the mobile phone backup app.
Vendor / CWE: oppo, CWE-77