Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2023-27135 Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.
network
low complexity
totolink CWE-77
critical
9.8
2023-03-23 CVE-2023-27079 Command Injection vulnerability in Tenda G103 Firmware 1.0.05
Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package.
network
low complexity
tenda CWE-77
7.5
2023-03-22 CVE-2023-27224 Command Injection vulnerability in Jc21 Nginx Proxy Manager 2.9.19
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a Lua script to the configuration file.
network
low complexity
jc21 CWE-77
critical
9.8
2023-03-16 CVE-2022-4009 Command Injection vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation.
network
low complexity
octopus CWE-77
8.8
2023-03-15 CVE-2023-1389 Command Injection vulnerability in Tp-Link Archer Ax21 Firmware
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface.
low complexity
tp-link CWE-77
8.8
2023-03-15 CVE-2023-28460 Command Injection vulnerability in Arraynetworks Array OS
A command injection vulnerability was discovered in Array Networks APV products.
network
low complexity
arraynetworks CWE-77
7.2
2023-03-15 CVE-2023-24229 Command Injection vulnerability in Draytek Vigor2960 Firmware 1.5.1.4
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter.
local
low complexity
draytek CWE-77
7.8
2023-03-15 CVE-2023-27240 Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.11
Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.
network
low complexity
tenda CWE-77
critical
9.8
2023-03-13 CVE-2023-0351 Command Injection vulnerability in Akuvox E11 Firmware
The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality.
network
low complexity
akuvox CWE-77
8.8
2023-03-13 CVE-2023-0978 Command Injection vulnerability in multiple products
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier allows a local user to inject and execute arbitrary operating system commands using specially crafted strings.
local
low complexity
mcafee trellix CWE-77
6.7