Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-28 | CVE-2018-15007 | OS Command Injection vulnerability in Skydevices SKY Elite 6.0L+ Firmware Sky/X6069Trxl601Sky/X6069Trxl601Sky:6.0/Mra58K/1482897127:User/Releasekeys The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. | 7.8 |
| 2018-12-28 | CVE-2018-14998 | OS Command Injection vulnerability in Leagoo P1 Firmware The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. | 6.8 |
| 2018-12-20 | CVE-2018-19239 | OS Command Injection vulnerability in Trendnet Tew-673Gru Firmware 1.00B40 TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. | 7.2 |
| 2018-12-20 | CVE-2018-15722 | OS Command Injection vulnerability in Logitech Harmony HUB Firmware The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. | 8.1 |
| 2018-12-20 | CVE-2018-1000885 | OS Command Injection vulnerability in Phkp Project Phkp PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. | 9.8 |
| 2018-12-17 | CVE-2018-18555 | OS Command Injection vulnerability in Vyos 1.1.8 A sandbox escape issue was discovered in VyOS 1.1.8. | 9.9 |
| 2018-12-14 | CVE-2018-19007 | OS Command Injection vulnerability in Geutebrueck products In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. | 9.8 |
| 2018-12-11 | CVE-2018-20057 | OS Command Injection vulnerability in D-Link Dir-605L Firmware and Dir-619L Firmware An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. | 8.8 |
| 2018-12-06 | CVE-2018-19660 | OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11 An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. | 8.8 |
| 2018-12-06 | CVE-2018-19659 | OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11 An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. | 8.8 |