Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-39764 Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
 9.1
9.1
2025-01-14 CVE-2024-39765 Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
 9.1
9.1
2025-01-14 CVE-2024-39781 Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
 9.1
9.1
2025-01-14 CVE-2024-39782 Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
 9.1
9.1
2025-01-14 CVE-2024-39783 Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
 9.1
9.1
2024-12-27 CVE-2024-12986 Command Injection vulnerability in Draytek Vigor2960 Firmware and Vigor300B Firmware
A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4.
network
low complexity
draytek CWE-77
critical
 9.8
9.8
2024-12-27 CVE-2024-12987 Command Injection vulnerability in Draytek Vigor2960 Firmware and Vigor300B Firmware
A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4.
network
low complexity
draytek CWE-77
critical
 9.8
9.8
2024-12-20 CVE-2022-32203 Command Injection vulnerability in Huawei Cv81-Wdm Firmware 01.70.49.29.46
There is a command injection vulnerability in Huawei terminal printer product.
network
low complexity
huawei CWE-77
critical
 9.8
9.8
2024-12-17 CVE-2024-12356 Command Injection vulnerability in Beyondtrust Remote Support
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
network
low complexity
beyondtrust CWE-77
critical
 9.8
9.8
2024-12-13 CVE-2024-55956 Command Injection vulnerability in Cleo Lexicom and Vltrader
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
network
low complexity
cleo CWE-77
critical
 9.8
9.8