Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2023-24236 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. | 9.8 |
| 2023-02-16 | CVE-2023-24238 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. | 9.8 |
| 2023-02-15 | CVE-2023-0849 | Command Injection vulnerability in Netgear Wndr3700 Firmware 1.0.1.14 A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. | 9.8 |
| 2023-02-14 | CVE-2023-22935 | Command Injection vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. | 8.8 |
| 2023-02-14 | CVE-2023-24159 | Command Injection vulnerability in Totolink Ca300-Poe Firmware 6.2C.884 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. | 9.8 |
| 2023-02-14 | CVE-2023-24160 | Command Injection vulnerability in Totolink Ca300-Poe Firmware 6.2C.884 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | 9.8 |
| 2023-02-14 | CVE-2023-24161 | Command Injection vulnerability in Totolink Ca300-Poe Firmware 6.2C.884 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | 9.8 |
| 2023-02-13 | CVE-2022-40022 | Command Injection vulnerability in Microchip Syncserver S650 Firmware Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | 9.8 |
| 2023-02-12 | CVE-2023-0789 | Command Injection vulnerability in PHPmyfaq Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 9.8 |
| 2023-02-11 | CVE-2023-0127 | Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.17 A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. | 7.8 |