Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-11 | CVE-2023-2649 | Command Injection vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn A vulnerability was found in Tenda AC23 16.03.07.45_cn. | 8.8 |
| 2023-05-10 | CVE-2022-29842 | Command Injection vulnerability in Westerndigital MY Cloud OS Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. | 9.8 |
| 2023-05-10 | CVE-2023-30353 | Command Injection vulnerability in Tenda CP3 Firmware 11.10.00.2211041355 Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. | 9.8 |
| 2023-05-09 | CVE-2023-31476 | Command Injection vulnerability in Gl-Inet Gl-Mv1000 Firmware and Gl-Mv1000W Firmware An issue was discovered on GL.iNet devices running firmware before 3.216. | 7.5 |
| 2023-05-09 | CVE-2023-28832 | Command Injection vulnerability in Siemens 6Gk1411-1Ac00 Firmware and 6Gk1411-5Ac00 Firmware A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). | 7.2 |
| 2023-05-08 | CVE-2023-22788 | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. | 8.8 |
| 2023-05-08 | CVE-2023-22789 | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. | 8.8 |
| 2023-05-08 | CVE-2023-22790 | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. | 8.8 |
| 2023-05-08 | CVE-2023-2573 | Command Injection vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. | 8.8 |
| 2023-05-08 | CVE-2023-2574 | Command Injection vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. | 8.8 |