Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-04 | CVE-2021-1316 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
| 2021-02-04 | CVE-2021-1315 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
| 2021-02-04 | CVE-2021-1314 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
| 2021-02-03 | CVE-2020-2507 | OS Command Injection vulnerability in Qnap Helpdesk The vulnerability have been reported to affect earlier versions of QTS. | 9.8 |
| 2021-02-02 | CVE-2021-21289 | OS Command Injection vulnerability in multiple products Mechanize is an open-source ruby library that makes automated web interaction easy. | 8.3 |
| 2021-02-02 | CVE-2021-25310 | OS Command Injection vulnerability in Belkin Linksys Wrt160Nl Firmware 1.0.04.002Us20130619 The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. | 8.8 |
| 2021-02-02 | CVE-2020-18568 | OS Command Injection vulnerability in Dlink Dsr-1000N Firmware and Dsr-250 Firmware The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. | 9.8 |
| 2021-02-02 | CVE-2020-25506 | OS Command Injection vulnerability in Dlink Dns-320 Firmware 2.06B01 D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | 9.8 |
| 2021-02-02 | CVE-2020-25036 | OS Command Injection vulnerability in Ucopia Wireless Appliance 6.0.5 UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command. | 8.8 |
| 2021-01-28 | CVE-2020-5626 | OS Command Injection vulnerability in Infoscience ELC Analytics and Logstorage Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file. | 8.8 |