Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-18 | CVE-2021-23374 | OS Command Injection vulnerability in Ps-Visitor Project Ps-Visitor This affects all versions of package ps-visitor. | 9.8 |
| 2021-04-16 | CVE-2021-27692 | OS Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. | 9.8 |
| 2021-04-16 | CVE-2021-27691 | OS Command Injection vulnerability in Tendacn G0 Firmware, G1 Firmware and G3 Firmware Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. | 9.8 |
| 2021-04-14 | CVE-2021-29449 | OS Command Injection vulnerability in Pi-Hole Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. | 7.8 |
| 2021-04-14 | CVE-2021-27710 | OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. | 9.8 |
| 2021-04-14 | CVE-2021-27708 | OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. | 9.8 |
| 2021-04-14 | CVE-2021-27113 | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05 An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. | 9.8 |
| 2021-04-13 | CVE-2020-27227 | OS Command Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3 An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. | 9.8 |
| 2021-04-13 | CVE-2021-29003 | OS Command Injection vulnerability in Genexis Platinum 4410 Firmware P4410V21.28 Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI. | 9.8 |
| 2021-04-12 | CVE-2021-29379 | OS Command Injection vulnerability in Dlink Dir-802 Firmware 1.00B05 An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. | 8.8 |