Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-09 | CVE-2021-20138 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. | 8.8 |
2021-12-09 | CVE-2021-20139 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. | 8.8 |
2021-12-09 | CVE-2021-20140 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. | 8.8 |
2021-12-09 | CVE-2021-20141 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. | 8.8 |
2021-12-09 | CVE-2021-20142 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. | 8.8 |
2021-12-09 | CVE-2021-20143 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. | 8.8 |
2021-12-09 | CVE-2021-20144 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. | 8.8 |
2021-12-09 | CVE-2021-21954 | OS Command Injection vulnerability in Anker Eufy Homebase 2 Firmware 2.1.6.9H A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. | 9.9 |
2021-12-09 | CVE-2021-42759 | OS Command Injection vulnerability in Fortinet Meru Firmware A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. | 6.7 |
2021-12-08 | CVE-2021-23862 | OS Command Injection vulnerability in Bosch products A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. | 7.2 |