Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2022-30525 OS Command Injection vulnerability in Zyxel products
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
network, low complexity, zyxel, CWE-78, critical, 9.8

2022-05-11 CVE-2021-30361 OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.
local, low complexity, checkpoint, CWE-78, 6.7

2022-05-10 CVE-2022-22454 OS Command Injection vulnerability in IBM Infosphere Information Server on Cloud 11.7
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
local, low complexity, ibm, CWE-78, 7.8

2022-05-10 CVE-2022-28895 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
network, low complexity, dlink, CWE-78, critical, 9.8

2022-05-10 CVE-2022-28896 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
network, low complexity, dlink, CWE-78, critical, 9.8

2022-05-10 CVE-2022-28901 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
network, low complexity, dlink, CWE-78, critical, 9.8

2022-05-10 CVE-2022-28905 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.
network, low complexity, totolink, CWE-78, critical, 9.8

2022-05-10 CVE-2022-28906 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.
network, low complexity, totolink, CWE-78, critical, 9.8

2022-05-10 CVE-2022-28907 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.
network, low complexity, totolink, CWE-78, critical, 9.8

2022-05-10 CVE-2022-28908 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
network, low complexity, totolink, CWE-78, critical, 9.8