Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-42744 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. | 8.8 |
| 2024-08-12 | CVE-2024-42745 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. | 8.8 |
| 2024-08-12 | CVE-2024-42747 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. | 8.8 |
| 2024-08-12 | CVE-2024-42748 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. | 8.8 |
| 2024-08-12 | CVE-2024-39091 | OS Command Injection vulnerability in Annke Crater 2 Firmware 5.4.1.221222153318 An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request. | 8.8 |
| 2024-08-12 | CVE-2024-6917 | OS Command Injection vulnerability in Veribase Order Management Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2. | 9.8 |
| 2024-08-12 | CVE-2024-21878 | OS Command Injection vulnerability in Enphase IQ Gateway Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. | 9.8 |
| 2024-08-12 | CVE-2024-21879 | OS Command Injection vulnerability in Enphase IQ Gateway Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | 8.8 |
| 2024-08-12 | CVE-2024-21880 | OS Command Injection vulnerability in Enphase IQ Gateway Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x | 7.2 |
| 2024-08-12 | CVE-2024-42166 | OS Command Injection vulnerability in Fiware Keyrock The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. | 7.2 |