Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-20138 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc.
low complexity
gryphonconnect CWE-78
8.8
2021-12-09 CVE-2021-20139 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
2021-12-09 CVE-2021-20140 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
2021-12-09 CVE-2021-20141 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
2021-12-09 CVE-2021-20142 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
2021-12-09 CVE-2021-20143 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
2021-12-09 CVE-2021-20144 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
2021-12-09 CVE-2021-21954 OS Command Injection vulnerability in Anker Eufy Homebase 2 Firmware 2.1.6.9H
A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h.
network
low complexity
anker CWE-78
critical
9.9
2021-12-09 CVE-2021-42759 OS Command Injection vulnerability in Fortinet Meru Firmware
A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands.
local
low complexity
fortinet CWE-78
6.7
2021-12-08 CVE-2021-23862 OS Command Injection vulnerability in Bosch products
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context.
network
low complexity
bosch CWE-78
7.2