Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-0630 | OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0629 | OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | 7.2 |
| 2019-01-09 | CVE-2018-0628 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | 7.2 |
| 2019-01-09 | CVE-2018-0627 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0626 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. | 7.2 |
| 2019-01-09 | CVE-2018-0625 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. | 7.2 |
| 2019-01-02 | CVE-2018-20114 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware and Dir-860L Firmware On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. | 9.8 |
| 2018-12-31 | CVE-2018-6342 | OS Command Injection vulnerability in Facebook React-Dev-Utils react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. | 9.8 |
| 2018-12-31 | CVE-2018-18600 | OS Command Injection vulnerability in Guardzilla 180 Indoor Firmware and 180 Outdoor Firmware The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. | 8.1 |
| 2018-12-28 | CVE-2018-15007 | OS Command Injection vulnerability in Skydevices SKY Elite 6.0L+ Firmware Sky/X6069Trxl601Sky/X6069Trxl601Sky:6.0/Mra58K/1482897127:User/Releasekeys The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. | 7.8 |