Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-14 | CVE-2023-29799 | Command Injection vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329 TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | 9.8 |
| 2023-04-14 | CVE-2023-29800 | Command Injection vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329 TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | 9.8 |
| 2023-04-14 | CVE-2023-29801 | Command Injection vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329 TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | 9.8 |
| 2023-04-14 | CVE-2023-29802 | Command Injection vulnerability in Totolink X18 Firmware 9.1.0Cu.2021B20220326/9.1.0Cu.2024B20220329 TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | 9.8 |
| 2023-04-14 | CVE-2023-29803 | Command Injection vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329 TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | 9.8 |
| 2023-04-14 | CVE-2023-30638 | Command Injection vulnerability in Atos products Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. | 7.2 |
| 2023-04-13 | CVE-2023-29084 | Command Injection vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. | 7.2 |
| 2023-04-13 | CVE-2023-20118 | Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. | 7.2 |
| 2023-04-11 | CVE-2023-28489 | Command Injection vulnerability in Siemens Cp-8031 Firmware and Cp-8050 Firmware A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). | 9.8 |
| 2023-04-07 | CVE-2023-26978 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. | 9.8 |