Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-05 | CVE-2019-17642 | OS Command Injection vulnerability in Centreon An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. | 8.8 |
| 2020-03-05 | CVE-2020-10173 | OS Command Injection vulnerability in Comtrend Vr-3033 Firmware De11416Ssgc01R02.A2Pvi042J1.D26M Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. | 8.8 |
| 2020-03-05 | CVE-2019-20501 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. | 7.8 |
| 2020-03-05 | CVE-2019-20500 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | 7.8 |
| 2020-03-05 | CVE-2019-20499 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. | 7.8 |
| 2020-03-04 | CVE-2020-9054 | OS Command Injection vulnerability in Zyxel products Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. | 9.8 |
| 2020-03-04 | CVE-2020-3176 | OS Command Injection vulnerability in Cisco products A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | 6.7 |
| 2020-03-04 | CVE-2020-5535 | OS Command Injection vulnerability in Plathome Openblocks IOT VX2 Firmware OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | 8.8 |
| 2020-03-02 | CVE-2019-20488 | OS Command Injection vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 9.8 |
| 2020-02-28 | CVE-2019-10804 | OS Command Injection vulnerability in Serial-Number Project Serial-Number serial-number through 1.3.0 allows execution of arbritary commands. | 9.8 |