Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-07 | CVE-2022-32449 | Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.7484 TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. | 9.8 |
| 2022-07-07 | CVE-2022-34592 | Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217 Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. | 9.8 |
| 2022-07-06 | CVE-2022-28935 | Command Injection vulnerability in Totolink products Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability. | 7.2 |
| 2022-06-27 | CVE-2022-28171 | Command Injection vulnerability in Hikvision products The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. | 9.8 |
| 2022-06-17 | CVE-2022-31874 | Command Injection vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754 ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. | 9.8 |
| 2022-06-15 | CVE-2022-32154 | Command Injection vulnerability in Splunk Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. | 8.1 |
| 2022-06-14 | CVE-2022-32262 | Command Injection vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 9.8 |
| 2022-06-07 | CVE-2019-9972 | Command Injection vulnerability in multiple products PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. | 8.8 |
| 2022-06-07 | CVE-2020-36529 | Command Injection vulnerability in IBM Sevone Network Performance Management A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. | 8.8 |
| 2022-06-02 | CVE-2022-29712 | Command Injection vulnerability in Librenms 22.3.0 LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | 9.8 |