Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-13 | CVE-2022-42161 | Command Injection vulnerability in Dlink products D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | 8.8 |
| 2022-10-13 | CVE-2022-42906 | Command Injection vulnerability in multiple products powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. | 7.8 |
| 2022-10-13 | CVE-2022-42897 | Command Injection vulnerability in Arraynetworks Arrayos AG 9.4.0.469 Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. | 9.8 |
| 2022-09-30 | CVE-2022-41870 | Command Injection vulnerability in Innovaphone Firmware 12R1/13R2 AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | 7.2 |
| 2022-09-08 | CVE-2022-28220 | Command Injection vulnerability in Apache James Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 7.5 |
| 2022-09-05 | CVE-2022-3008 | Command Injection vulnerability in multiple products The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. | 8.8 |
| 2022-08-31 | CVE-2022-21941 | Command Injection vulnerability in Johnsoncontrols Istar Ultra Firmware All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | 9.8 |
| 2022-07-12 | CVE-2022-29560 | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). | 10.0 |
| 2022-07-07 | CVE-2022-32449 | Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.7484 TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. | 9.8 |
| 2022-07-07 | CVE-2022-34592 | Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217 Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. | 9.8 |