Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-06 | CVE-2022-20665 | Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2022-04-01 | CVE-2021-23247 | Command Injection vulnerability in Oppo Quick APP 4.5.0 A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. | 9.8 |
| 2022-03-31 | CVE-2021-43663 | Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. | 7.5 |
| 2022-03-30 | CVE-2021-43664 | Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. | 8.1 |
| 2022-03-30 | CVE-2022-25619 | Command Injection vulnerability in Profelis Sambabox Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. | 6.7 |
| 2022-03-29 | CVE-2021-43118 | Command Injection vulnerability in Draytek products A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. | 9.8 |
| 2022-03-24 | CVE-2022-26536 | Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. | 9.8 |
| 2022-03-24 | CVE-2022-27076 | Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. | 9.8 |
| 2022-03-24 | CVE-2022-27077 | Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. | 9.8 |
| 2022-03-24 | CVE-2022-27078 | Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. | 9.8 |