Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2021-25812 Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.
network
low complexity
chinamobile CWE-77
critical
9.8
2021-04-25 CVE-2021-31726 Command Injection vulnerability in Akuvox C315 Firmware 115.116.2613
Akuvox C315 115.116.2613 allows remote command injection via the cfgd_server service.
network
low complexity
akuvox CWE-77
critical
9.8
2021-04-23 CVE-2020-7034 Command Injection vulnerability in Avaya Session Border Controller for Enterprise
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges.
network
low complexity
avaya CWE-77
8.8
2021-04-19 CVE-2021-20527 Command Injection vulnerability in IBM Resilient
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user.
network
low complexity
ibm CWE-77
7.2
2021-04-19 CVE-2021-20991 Command Injection vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware
In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.
network
low complexity
fibaro CWE-77
8.8
2021-04-17 CVE-2020-2509 Command Injection vulnerability in Qnap QTS
A command injection vulnerability has been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-77
critical
9.8
2021-04-08 CVE-2021-29154 Command Injection vulnerability in multiple products
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context.
local
low complexity
linux fedoraproject debian netapp CWE-77
7.8
2021-03-29 CVE-2020-25217 Command Injection vulnerability in Grandstream products
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
network
low complexity
grandstream CWE-77
7.2
2021-03-25 CVE-2020-10580 Command Injection vulnerability in Invigo Automatic Device Management 5.0
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.
network
low complexity
invigo CWE-77
8.8
2021-03-23 CVE-2021-29079 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.
low complexity
netgear CWE-77
critical
9.6