Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2021-32933 | OS Command Injection vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. | 9.8 |
| 2022-04-01 | CVE-2021-32974 | OS Command Injection vulnerability in Moxa products Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. | 9.8 |
| 2022-04-01 | CVE-2022-25017 | OS Command Injection vulnerability in Hitrontech Chita Firmware 7.2.2.0.3B6Cd Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. | 8.8 |
| 2022-03-31 | CVE-2022-22986 | OS Command Injection vulnerability in Ntt-East products Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. | 8.8 |
| 2022-03-30 | CVE-2021-46007 | OS Command Injection vulnerability in Totolink Ar3100R Firmware 5.9C.4577 totolink a3100r V5.9c.4577 is vulnerable to os command injection. | 9.8 |
| 2022-03-28 | CVE-2022-26258 | OS Command Injection vulnerability in Dlink Dir-820L Firmware 1.05 D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | 9.8 |
| 2022-03-26 | CVE-2022-27945 | OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158 NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. | 8.8 |
| 2022-03-26 | CVE-2022-27946 | OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158 NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. | 8.8 |
| 2022-03-26 | CVE-2022-27947 | OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158 NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. | 8.8 |
| 2022-03-24 | CVE-2022-27811 | OS Command Injection vulnerability in Gnome Ocrfeeder GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | 9.8 |