Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2024-0714 OS Command Injection vulnerability in Sourcefabric Phoniebox
A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0.
network
low complexity
sourcefabric CWE-78
critical
9.8
2024-01-18 CVE-2023-51217 OS Command Injection vulnerability in Tenhot Tws-200 Firmware 4.0201809201424
An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component.
network
low complexity
tenhot CWE-78
8.8
2024-01-12 CVE-2023-49254 OS Command Injection vulnerability in Hongdian H8951-4G-Esp Firmware
Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools.
network
low complexity
hongdian CWE-78
8.8
2024-01-11 CVE-2023-51984 OS Command Injection vulnerability in Dlink Dir-822 Firmware 1.0.2
D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function.
network
low complexity
dlink CWE-78
critical
9.8
2024-01-11 CVE-2024-22942 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23057 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23058 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23059 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23060 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23061 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
network
low complexity
totolink CWE-78
critical
9.8