Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-03-30 CVE-2021-43664 Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo.
network
totolink CWE-77
critical
 9.3
9.3
2022-03-30 CVE-2022-25619 Command Injection vulnerability in Profelis Sambabox
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code.
local
low complexity
profelis CWE-77
4.6
4.6
2022-03-29 CVE-2021-43118 Command Injection vulnerability in Draytek products
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.
network
low complexity
draytek CWE-77
7.5
7.5
2022-03-25 CVE-2022-22688 Command Injection vulnerability in Synology Diskstation Manager
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
network
low complexity
synology CWE-77
6.5
6.5
2022-03-24 CVE-2022-26536 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27076 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27077 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27078 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27079 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27080 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.
network
low complexity
tenda CWE-77
critical
 9.8
9.8