Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-27 | CVE-2021-34349 | Command Injection vulnerability in Qnap QVR A command injection vulnerability has been reported to affect QNAP device running QVR. | 7.2 |
| 2021-09-27 | CVE-2021-34351 | Command Injection vulnerability in Qnap QVR A command injection vulnerability has been reported to affect QNAP device running QVR. | 9.8 |
| 2021-09-22 | CVE-2019-6288 | Command Injection vulnerability in Edge-Core Ecs2020 Firmware 1.0.0.0 Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. | 9.8 |
| 2021-09-21 | CVE-2021-28960 | Command Injection vulnerability in Manageengine Desktop Central 10.0.282/5.65 Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. | 9.8 |
| 2021-09-17 | CVE-2021-41383 | Command Injection vulnerability in Netgear R6020 Firmware 1.0.0.48 setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. | 7.2 |
| 2021-09-16 | CVE-2020-14119 | Command Injection vulnerability in MI Ax3600 There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12 | 9.8 |
| 2021-09-16 | CVE-2020-14109 | Command Injection vulnerability in MI Ax3600 Firmware 1.0.50/1.0.67/1.1.12 There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | 7.2 |
| 2021-09-15 | CVE-2020-19151 | Command Injection vulnerability in Jflyfox Jfinal CMS Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. | 8.8 |
| 2021-09-07 | CVE-2021-37145 | Command Injection vulnerability in Poly Cx5100 Firmware and Cx5500 Firmware A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. | 7.2 |
| 2021-09-07 | CVE-2021-37717 | Command Injection vulnerability in multiple products A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. | 7.2 |