Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-07 | CVE-2023-37146 | Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | 9.8 |
| 2023-07-07 | CVE-2023-37148 | Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. | 9.8 |
| 2023-07-07 | CVE-2023-37149 | Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. | 9.8 |
| 2023-07-05 | CVE-2023-35972 | Command Injection vulnerability in Arubanetworks Arubaos An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 |
| 2023-07-05 | CVE-2023-35973 | Command Injection vulnerability in Arubanetworks Arubaos Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
| 2023-07-05 | CVE-2023-35974 | Command Injection vulnerability in Arubanetworks Arubaos Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
| 2023-07-01 | CVE-2023-28365 | Command Injection vulnerability in UI Unifi Network Application A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | 9.1 |
| 2023-06-30 | CVE-2023-22815 | Command Injection vulnerability in Westerndigital MY Cloud OS Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. | 6.7 |
| 2023-06-30 | CVE-2023-22816 | Command Injection vulnerability in Westerndigital MY Cloud OS A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. | 8.8 |
| 2023-06-29 | CVE-2023-34849 | Command Injection vulnerability in Ikuai8 Ikuaios An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1. | 9.8 |