Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-11 | CVE-2023-31473 | Command Injection vulnerability in Gl-Inet products An issue was discovered on GL.iNet devices before 3.216. | 4.9 |
| 2023-05-10 | CVE-2022-29842 | Command Injection vulnerability in Westerndigital MY Cloud OS Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. | 9.8 |
| 2023-05-10 | CVE-2023-30353 | Command Injection vulnerability in Tenda CP3 Firmware 11.10.00.2211041355 Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. | 9.8 |
| 2023-05-09 | CVE-2023-31476 | Command Injection vulnerability in Gl-Inet Gl-Mv1000 Firmware and Gl-Mv1000W Firmware An issue was discovered on GL.iNet devices running firmware before 3.216. | 7.5 |
| 2023-05-08 | CVE-2023-22788 | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. | 8.8 |
| 2023-05-08 | CVE-2023-22789 | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. | 8.8 |
| 2023-05-08 | CVE-2023-22790 | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. | 8.8 |
| 2023-05-08 | CVE-2023-2573 | Command Injection vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. | 8.8 |
| 2023-05-08 | CVE-2023-2574 | Command Injection vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. | 8.8 |
| 2023-05-05 | CVE-2023-30135 | Command Injection vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)Cn Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | 9.8 |