Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2023-24152 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
9.8
2023-02-03 CVE-2023-24153 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
9.8
2023-02-03 CVE-2023-24154 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
network
low complexity
totolink CWE-77
critical
9.8
2023-02-03 CVE-2023-24156 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
9.8
2023-02-03 CVE-2023-24157 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
9.8
2023-02-01 CVE-2023-22657 Command Injection vulnerability in F5 F5Os-A and F5Os-C
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection.
local
low complexity
f5 CWE-77
7.8
2023-02-01 CVE-2022-45095 Command Injection vulnerability in Dell EMC Powerscale Onefs
Dell PowerScale OneFS, 8.2.x-9.4.x, contains a command injection vulnerability.
local
low complexity
dell CWE-77
6.7
2023-01-30 CVE-2023-24612 Command Injection vulnerability in Pdfbook Project Pdfbook 2.0.5
The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.
network
low complexity
pdfbook-project CWE-77
critical
9.8
2023-01-27 CVE-2021-41144 Command Injection vulnerability in Openmage Magento
OpenMage LTS is an e-commerce platform.
network
low complexity
openmage CWE-77
8.8
2023-01-20 CVE-2020-22662 Command Injection vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, and ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set an unauthorized "illegal region code" by remote code execution command injection, which leads to the device running on an illegal frequency with maximum output power.
network
low complexity
ruckuswireless CWE-77
7.5