Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-03-15 CVE-2022-27003 OS Command Injection vulnerability in Totolink A7000R Firmware and X5000R Firmware
Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-15 CVE-2022-27004 OS Command Injection vulnerability in Totolink A7000R Firmware and X5000R Firmware
Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-15 CVE-2022-27005 OS Command Injection vulnerability in Totolink A7000R Firmware and X5000R Firmware
Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-11 CVE-2022-25621 OS Command Injection vulnerability in NEC products
UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, and UNIVERGE WA WA2612-AP Ver8.2.11 and prior allow a remote attacker to execute arbitrary OS commands.
network
low complexity
nec CWE-78
critical
9.8
2022-03-10 CVE-2022-24193 OS Command Injection vulnerability in Icewhale Casaos
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.
network
low complexity
icewhale CWE-78
critical
9.8
2022-03-06 CVE-2021-46704 OS Command Injection vulnerability in Genieacs
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts).
network
low complexity
genieacs CWE-78
critical
9.8
2022-03-04 CVE-2021-44827 OS Command Injection vulnerability in Tp-Link Archer C20I Firmware
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices via the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.
network
low complexity
tp-link CWE-78
8.8
2022-03-04 CVE-2022-0848 OS Command Injection vulnerability in Part-Db Project Part-Db
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.
network
low complexity
part-db-project CWE-78
critical
9.8
2022-03-03 CVE-2022-24725 OS Command Injection vulnerability in Shescape Project Shescape 1.4.0/1.5.0
Shescape is a shell escape package for JavaScript.
local
low complexity
shescape-project CWE-78
5.5
2022-03-03 CVE-2022-0841 OS Command Injection vulnerability in Npm-Lockfile Project Npm-Lockfile 2.0.3/2.0.4
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
network
low complexity
npm-lockfile-project CWE-78
critical
9.8