Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-03-30 CVE-2019-10659 OS Command Injection vulnerability in Grandstream GXV3370 Firmware and WP820 Firmware
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
network
low complexity
grandstream CWE-78
8.8
2019-03-30 CVE-2019-10658 OS Command Injection vulnerability in Grandstream GWN7610 Firmware
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
network
low complexity
grandstream CWE-78
8.8
2019-03-30 CVE-2019-10657 OS Command Injection vulnerability in Grandstream GWN7000 Firmware and GWN7610 Firmware
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
network
low complexity
grandstream CWE-78
6.5
2019-03-30 CVE-2019-10656 OS Command Injection vulnerability in Grandstream GWN7000 Firmware
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
network
low complexity
grandstream CWE-78
8.8
2019-03-30 CVE-2019-10655 OS Command Injection vulnerability in Grandstream products
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication.
network
low complexity
grandstream CWE-78
7.5
2019-03-28 CVE-2019-1745 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges.
local
low complexity
cisco CWE-78
7.2
2019-03-26 CVE-2019-10061 OS Command Injection vulnerability in Node-Opencv Project Node-Opencv
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection.
network
low complexity
node-opencv-project CWE-78
7.5
2019-03-21 CVE-2018-3969 OS Command Injection vulnerability in Getcujo Smart Firewall 7003
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall.
local
low complexity
getcujo CWE-78
7.8
2019-03-21 CVE-2019-7385 OS Command Injection vulnerability in Raisecom products
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware.
local
low complexity
raisecom CWE-78
7.8
2019-03-21 CVE-2019-7384 OS Command Injection vulnerability in Raisecom products
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below.
local
low complexity
raisecom CWE-78
7.8