Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2023-24151 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24152 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24153 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24154 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24156 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24157 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-02 CVE-2023-0646 Command Injection vulnerability in Dst-Admin Project Dst-Admin 1.5.0
A vulnerability classified as critical was found in dst-admin 1.5.0.
network
low complexity
dst-admin-project CWE-77
7.5
7.5
2023-02-02 CVE-2023-0647 Command Injection vulnerability in Dst-Admin Project Dst-Admin 1.5.0
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0.
network
low complexity
dst-admin-project CWE-77
7.5
7.5
2023-02-02 CVE-2023-0648 Command Injection vulnerability in Dst-Admin Project Dst-Admin 1.5.0
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0.
network
low complexity
dst-admin-project CWE-77
7.5
7.5
2023-02-02 CVE-2023-0649 Command Injection vulnerability in Dst-Admin Project Dst-Admin 1.5.0
A vulnerability has been found in dst-admin 1.5.0 and classified as critical.
network
low complexity
dst-admin-project CWE-77
7.5
7.5