Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-15 | CVE-2022-26997 | Command Injection vulnerability in Commscope Arris Tr3300 Firmware 1.0.13 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. | 9.8 |
| 2022-03-15 | CVE-2022-26998 | Command Injection vulnerability in Commscope Arris Tr3300 Firmware 1.0.13 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. | 9.8 |
| 2022-03-15 | CVE-2022-26999 | Command Injection vulnerability in Commscope Arris Tr3300 Firmware 1.0.13 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. | 9.8 |
| 2022-03-15 | CVE-2022-27000 | Command Injection vulnerability in Commscope Arris Tr3300 Firmware 1.0.13 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. | 9.8 |
| 2022-03-15 | CVE-2022-27001 | Command Injection vulnerability in Commscope Arris Tr3300 Firmware 1.0.13 Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. | 9.8 |
| 2022-03-15 | CVE-2022-27002 | Command Injection vulnerability in Commscope Arris Tr3300 Firmware 1.0.13 Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. | 9.8 |
| 2022-03-11 | CVE-2021-44620 | Command Injection vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504 A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. | 7.5 |
| 2022-03-10 | CVE-2021-4045 | Command Injection vulnerability in Tp-Link Tapo C200 Firmware TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. | 9.8 |
| 2022-03-02 | CVE-2021-41000 | Command Injection vulnerability in HPE Arubaos-Cx Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. | 9.0 |
| 2022-03-02 | CVE-2021-41001 | Command Injection vulnerability in HPE Arubaos-Cx An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. | 9.0 |