Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-19 | CVE-2024-0714 | OS Command Injection vulnerability in Sourcefabric Phoniebox A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. | 9.8 |
2024-01-18 | CVE-2023-51217 | OS Command Injection vulnerability in Tenhot Tws-200 Firmware 4.0201809201424 An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component. | 8.8 |
2024-01-12 | CVE-2023-49254 | OS Command Injection vulnerability in Hongdian H8951-4G-Esp Firmware Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. | 8.8 |
2024-01-11 | CVE-2023-51984 | OS Command Injection vulnerability in Dlink Dir-822 Firmware 1.0.2 D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. | 9.8 |
2024-01-11 | CVE-2024-22942 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | 9.8 |
2024-01-11 | CVE-2024-23057 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | 9.8 |
2024-01-11 | CVE-2024-23058 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. | 9.8 |
2024-01-11 | CVE-2024-23059 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | 9.8 |
2024-01-11 | CVE-2024-23060 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. | 9.8 |
2024-01-11 | CVE-2024-23061 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. | 9.8 |