Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-0631 | OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0630 | OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0629 | OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | 7.2 |
| 2019-01-09 | CVE-2018-0628 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | 7.2 |
| 2019-01-09 | CVE-2018-0627 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0626 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0625 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. | 7.2 |
| 2019-01-02 | CVE-2018-20114 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware and Dir-860L Firmware On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. | 9.8 |
| 2018-12-31 | CVE-2018-6342 | OS Command Injection vulnerability in Facebook React-Dev-Utils react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. | 9.8 |
| 2018-12-31 | CVE-2018-18600 | OS Command Injection vulnerability in Guardzilla 180 Indoor Firmware and 180 Outdoor Firmware The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. | 8.1 |