Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2021-46560 | Command Injection vulnerability in Moxa Tn-5900 Firmware 3.1 The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. | 9.8 |
| 2022-01-20 | CVE-2021-44735 | Command Injection vulnerability in Lexmark products Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | 9.8 |
| 2022-01-18 | CVE-2021-33965 | Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1 China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injection vulnerability. | 8.8 |
| 2022-01-18 | CVE-2021-33964 | Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1 China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injection vulnerability. | 8.8 |
| 2022-01-15 | CVE-2021-33963 | Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1 China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. | 9.8 |
| 2022-01-13 | CVE-2022-22991 | Command Injection vulnerability in Westerndigital MY Cloud OS A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. | 8.8 |
| 2022-01-12 | CVE-2021-42559 | Command Injection vulnerability in Mitre Caldera An issue was discovered in CALDERA 2.8.1. | 8.8 |
| 2022-01-06 | CVE-2021-45456 | Command Injection vulnerability in Apache Kylin 4.0.0 Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. | 9.8 |
| 2022-01-04 | CVE-2021-43711 | Command Injection vulnerability in Totolink Ex200 Firmware 4.0.3C.7646B20201211 The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. | 9.8 |
| 2021-12-30 | CVE-2021-20167 | Command Injection vulnerability in Netgear Rax43 Firmware 1.0.3.96 Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. | 8.0 |