Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-19 | CVE-2022-25134 | Command Injection vulnerability in Totolink T6 Firmware V4.1.5Cu.748B20211015 A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
| 2022-02-19 | CVE-2022-25135 | Command Injection vulnerability in Totolink T6 Firmware V4.1.5Cu.748B20211015 A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
| 2022-02-19 | CVE-2022-25136 | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
| 2022-02-19 | CVE-2022-25137 | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
| 2022-02-18 | CVE-2021-45401 | Command Injection vulnerability in Tendacn Ac10U Firmware 15.03.06.49Multi A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. | 9.8 |
| 2022-02-15 | CVE-2021-41552 | Command Injection vulnerability in Commscope products CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. | 8.8 |
| 2022-02-14 | CVE-2019-16864 | Command Injection vulnerability in Enterprisedt Completeftp Server CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. | 8.8 |
| 2022-02-04 | CVE-2021-44247 | Command Injection vulnerability in Totolink A3100R Firmware, A720R Firmware and A830R Firmware Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. | 9.8 |
| 2022-02-04 | CVE-2021-44880 | Command Injection vulnerability in Dlink Dir-878 Firmware and Dir-882 Firmware D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. | 9.8 |
| 2022-02-04 | CVE-2021-44881 | Command Injection vulnerability in Dlink Dir-882 Firmware D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. | 9.8 |