Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-02 | CVE-2021-41000 | Command Injection vulnerability in HPE Arubaos-Cx Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. | 8.8 |
| 2022-03-02 | CVE-2021-41001 | Command Injection vulnerability in HPE Arubaos-Cx An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. | 8.8 |
| 2022-02-25 | CVE-2021-44132 | Command Injection vulnerability in C-Data Onu4Ferw Project C-Data Onu4Ferw Firmware A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. | 7.8 |
| 2022-02-25 | CVE-2021-40043 | Command Injection vulnerability in Huawei Ais-Bw80H-00 Firmware The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). | 7.8 |
| 2022-02-24 | CVE-2021-39363 | Command Injection vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. | 9.8 |
| 2022-02-19 | CVE-2021-45082 | Command Injection vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. | 7.8 |
| 2022-02-19 | CVE-2022-25130 | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
| 2022-02-19 | CVE-2022-25131 | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
| 2022-02-19 | CVE-2022-25132 | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
| 2022-02-19 | CVE-2022-25133 | Command Injection vulnerability in Totolink T6 Firmware V4.1.5Cu.748B20211015 A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |