Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-30 | CVE-2021-20159 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. | 8.8 |
| 2021-12-30 | CVE-2021-20160 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. | 8.8 |
| 2021-12-30 | CVE-2021-20173 | OS Command Injection vulnerability in Netgear R6700 Firmware 1.0.4.120 Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. | 8.8 |
| 2021-12-28 | CVE-2021-35031 | OS Command Injection vulnerability in Zyxel products A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. | 8.0 |
| 2021-12-28 | CVE-2021-35032 | OS Command Injection vulnerability in Zyxel products A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. | 7.8 |
| 2021-12-26 | CVE-2021-45602 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.8 |
| 2021-12-23 | CVE-2021-3621 | OS Command Injection vulnerability in multiple products A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. | 8.8 |
| 2021-12-23 | CVE-2021-4144 | OS Command Injection vulnerability in Tp-Link Tl-Wr802N Firmware TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | 8.8 |
| 2021-12-22 | CVE-2021-21872 | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 9.9 |
| 2021-12-22 | CVE-2021-21873 | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. | 9.1 |