Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2022-24170 | Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. | 7.5 |
| 2022-02-04 | CVE-2022-24171 | Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. | 7.5 |
| 2022-02-01 | CVE-2021-42638 | Command Injection vulnerability in Printerlogic web Stack 19.1.1.13 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution. | 9.3 |
| 2022-01-26 | CVE-2021-32849 | Command Injection vulnerability in Gerapy Gerapy is a distributed crawler management framework. | 9.0 |
| 2022-01-26 | CVE-2021-46560 | Command Injection vulnerability in Moxa Tn-5900 Firmware 3.1 The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. | 7.5 |
| 2022-01-20 | CVE-2021-44735 | Command Injection vulnerability in Lexmark products Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | 10.0 |
| 2022-01-18 | CVE-2021-33965 | Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1 China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injection vulnerability. | 6.5 |
| 2022-01-18 | CVE-2021-33964 | Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1 China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injection vulnerability. | 6.5 |
| 2022-01-15 | CVE-2021-33963 | Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1 China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. | 9.8 |
| 2022-01-13 | CVE-2022-22991 | Command Injection vulnerability in Westerndigital MY Cloud OS A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. | 8.3 |