Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2022-28557 OS Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.20Multitde01
There is a command injection vulnerability at the /goform/setsambacfg web interface of the Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device, which can also be combined with CVE-2021-44971 to cause unconditional arbitrary command execution.
network
low complexity
tenda CWE-78
critical
9.8
2022-05-04 CVE-2022-27903 OS Command Injection vulnerability in Eve-Ng 2.0.3112/4.0.165
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.
network
low complexity
eve-ng CWE-78
8.8
2022-05-04 CVE-2022-28055 OS Command Injection vulnerability in Fusionpbx
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
network
low complexity
fusionpbx CWE-78
critical
9.8
2022-05-04 CVE-2021-43164 OS Command Injection vulnerability in Ruijienetworks Reyeeos
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless.
network
low complexity
ruijienetworks CWE-78
8.8
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
9.8
2022-05-03 CVE-2021-42165 OS Command Injection vulnerability in Mitrastar Gpt-2541Gnac-N1 Firmware Brg3.5100Vnz0B33
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".
network
low complexity
mitrastar CWE-78
8.8
2022-05-02 CVE-2022-28573 OS Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting.
network
low complexity
dlink CWE-78
critical
9.8
2022-05-02 CVE-2022-28571 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
D-Link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in `/usr/bin/cli`.
network
low complexity
dlink CWE-78
critical
9.8
2022-05-02 CVE-2022-28572 OS Command Injection vulnerability in Tenda Ax1803 Firmware and Ax1806 Firmware
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in the `SetIPv6Status` function.
network
low complexity
tenda CWE-78
8.8
2022-04-29 CVE-2022-29937 OS Command Injection vulnerability in USU Oracle Optimization 20210817
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked.
network
low complexity
usu CWE-78
8.8