Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-26 | CVE-2023-26800 | Command Injection vulnerability in Ruijienetworks products Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discovered to contain a command injetion vulnerability via the params.path parameter in the upgradeConfirm function. | 9.8 |
| 2023-03-26 | CVE-2023-26801 | Command Injection vulnerability in Lb-Link products LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg. | 9.8 |
| 2023-03-26 | CVE-2023-27796 | Command Injection vulnerability in Ruijienetworks products RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua. | 8.8 |
| 2023-03-25 | CVE-2023-1458 | Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9 A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. | 9.8 |
| 2023-03-25 | CVE-2023-1456 | Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9 A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. | 9.8 |
| 2023-03-25 | CVE-2023-1457 | Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9 A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. | 9.8 |
| 2023-03-24 | CVE-2023-23149 | Command Injection vulnerability in Dek-1705 Project Dek-1705 Firmware 34.23.1 DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability. | 9.8 |
| 2023-03-23 | CVE-2022-28496 | Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. | 9.8 |
| 2023-03-23 | CVE-2023-20097 | Command Injection vulnerability in Cisco products A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. | 6.7 |
| 2023-03-23 | CVE-2022-28497 | Command Injection vulnerability in Totolink Cp900 Firmware 6.3C.566B20171026 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. | 9.8 |