Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-29 | CVE-2021-30230 | OS Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1 The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. | 9.8 |
| 2021-04-29 | CVE-2021-30229 | OS Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1 The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter. | 8.8 |
| 2021-04-29 | CVE-2020-21992 | OS Command Injection vulnerability in Inim products Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. | 8.8 |
| 2021-04-29 | CVE-2021-29147 | OS Command Injection vulnerability in Arubanetworks Clearpass A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. | 8.8 |
| 2021-04-29 | CVE-2021-25167 | OS Command Injection vulnerability in Arubanetworks Airwave A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. | 8.8 |
| 2021-04-29 | CVE-2021-25166 | OS Command Injection vulnerability in Arubanetworks Airwave A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. | 8.8 |
| 2021-04-27 | CVE-2020-22000 | OS Command Injection vulnerability in Homeautomation Project Homeautomation 3.3.2 HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. | 8.0 |
| 2021-04-27 | CVE-2021-30642 | OS Command Injection vulnerability in Symantec Security Analytics An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. | 9.8 |
| 2021-04-26 | CVE-2021-20711 | OS Command Injection vulnerability in NEC Aterm Wg2600Hs Firmware 1.3.2/1.5.1 Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2021-04-26 | CVE-2021-20708 | OS Command Injection vulnerability in NEC products NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL. | 7.2 |