Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-28906 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. | 9.8 |
| 2022-05-10 | CVE-2022-28907 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. | 9.8 |
| 2022-05-10 | CVE-2022-28908 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. | 9.8 |
| 2022-05-10 | CVE-2022-28909 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. | 9.8 |
| 2022-05-10 | CVE-2022-28910 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. | 9.8 |
| 2022-05-10 | CVE-2022-28911 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. | 9.8 |
| 2022-05-10 | CVE-2022-28912 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. | 9.8 |
| 2022-05-10 | CVE-2022-28913 | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. | 9.8 |
| 2022-05-10 | CVE-2022-28915 | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | 9.8 |
| 2022-05-09 | CVE-2022-27224 | OS Command Injection vulnerability in Galsys Nts-6002-Gps Firmware 4.14.103Galleonnts6002.V124 An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. | 7.2 |