Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-11-27 CVE-2018-13338 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
network
low complexity
terra-master CWE-78
critical
 9.8
9.8
2018-11-27 CVE-2018-13336 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
network
low complexity
terra-master CWE-78
critical
 9.8
9.8
2018-11-27 CVE-2018-13330 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
network
low complexity
terra-master CWE-78
7.2
7.2
2018-11-27 CVE-2018-16130 OS Command Injection vulnerability in MI Miwifi OS 2.22.15
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.
network
low complexity
mi CWE-78
8.8
8.8
2018-11-27 CVE-2018-13316 OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2018-11-27 CVE-2018-13314 OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2018-11-27 CVE-2018-13307 OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2018-11-27 CVE-2018-13306 OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2018-11-27 CVE-2018-13023 OS Command Injection vulnerability in MI Miwifi OS 2.22.15
System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.
network
low complexity
mi CWE-78
8.8
8.8
2018-11-27 CVE-2018-16090 OS Command Injection vulnerability in Lenovo System Management Module Firmware 1.05
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.
network
high complexity
lenovo CWE-78
7.5
7.5