Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2018-5757 | OS Command Injection vulnerability in Audiocodes 420Hd IP Phone Firmware 3.0.0.535.106 An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. | 8.8 |
| 2019-04-01 | CVE-2018-13285 | OS Command Injection vulnerability in Synology Router Manager Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 8.8 |
| 2019-04-01 | CVE-2018-13284 | OS Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 8.8 |
| 2019-03-30 | CVE-2019-10662 | OS Command Injection vulnerability in Grandstream Ucm6204 Firmware Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 8.8 |
| 2019-03-30 | CVE-2019-10660 | OS Command Injection vulnerability in Grandstream Gxv3611Ir HD Firmware Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | 8.8 |
| 2019-03-30 | CVE-2019-10659 | OS Command Injection vulnerability in Grandstream Gxv3370 Firmware and Wp820 Firmware Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | 8.8 |
| 2019-03-30 | CVE-2019-10658 | OS Command Injection vulnerability in Grandstream Gwn7610 Firmware Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. | 8.8 |
| 2019-03-30 | CVE-2019-10657 | OS Command Injection vulnerability in Grandstream Gwn7000 Firmware and Gwn7610 Firmware Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | 6.5 |
| 2019-03-30 | CVE-2019-10656 | OS Command Injection vulnerability in Grandstream Gwn7000 Firmware Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. | 8.8 |
| 2019-03-30 | CVE-2019-10655 | OS Command Injection vulnerability in Grandstream products Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. | 9.8 |