Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-13 | CVE-2018-19988 | OS Command Injection vulnerability in D-Link Dir-868L Firmware 2.05B02 In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. | 9.8 |
| 2019-05-13 | CVE-2018-19987 | OS Command Injection vulnerability in multiple products D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. | 9.8 |
| 2019-05-13 | CVE-2018-19986 | OS Command Injection vulnerability in D-Link Dir-818Lw Firmware and Dir-822 Firmware In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. | 9.8 |
| 2019-05-10 | CVE-2018-7084 | OS Command Injection vulnerability in multiple products A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. | 9.8 |
| 2019-05-10 | CVE-2018-7082 | OS Command Injection vulnerability in multiple products A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. | 7.2 |
| 2019-05-09 | CVE-2019-11353 | OS Command Injection vulnerability in Engeniustech Ews660Ap Firmware 2.0.284 The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. | 10.0 |
| 2019-05-06 | CVE-2018-4061 | OS Command Injection vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | 9.0 |
| 2019-05-03 | CVE-2019-1709 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. | 7.2 |
| 2019-05-03 | CVE-2019-1699 | OS Command Injection vulnerability in Cisco Firepower Management Center A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. | 7.2 |
| 2019-05-02 | CVE-2017-18372 | OS Command Injection vulnerability in multiple products The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. | 9.0 |