Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-05-12 | CVE-2022-30525 | OS Command Injection vulnerability in Zyxel products | An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | 9.8 |
2022-05-11 | CVE-2021-30361 | OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal | The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. | 6.7 |
2022-05-10 | CVE-2022-22454 | OS Command Injection vulnerability in IBM Infosphere Information Server on Cloud 11.7 | IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.8 |
2022-05-10 | CVE-2022-28895 | OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06 | A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |
2022-05-10 | CVE-2022-28896 | OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06 | A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |
2022-05-10 | CVE-2022-28901 | OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06 | A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |
2022-05-10 | CVE-2022-28905 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. | 9.8 |
2022-05-10 | CVE-2022-28906 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. | 9.8 |
2022-05-10 | CVE-2022-28907 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. | 9.8 |
2022-05-10 | CVE-2022-28908 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. | 9.8 |