Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-12-26 CVE-2023-51098 OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo .
network
low complexity
tenda CWE-78
critical
9.8
2023-12-26 CVE-2023-51099 OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand .
network
low complexity
tenda CWE-78
critical
9.8
2023-12-26 CVE-2023-51100 OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo .
network
low complexity
tenda CWE-78
critical
9.8
2023-12-26 CVE-2023-45741 OS Command Injection vulnerability in Buffalo Vr-S1000 Firmware
VR-S1000 firmware Ver.
low complexity
buffalo CWE-78
6.8
2023-12-25 CVE-2022-39818 OS Command Injection vulnerability in Nokia Network Functions Manager for Transport 19.9
In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter.
network
low complexity
nokia CWE-78
8.8
2023-12-23 CVE-2023-7002 OS Command Injection vulnerability in Backupbliss Backup Migration
The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter.
network
low complexity
backupbliss CWE-78
7.2
2023-12-22 CVE-2023-50147 OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.
network
low complexity
totolink CWE-78
critical
9.8
2023-12-22 CVE-2023-51033 OS Command Injection vulnerability in Totolink Ex1200L Firmware 9.3.5U.6146B20201023
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
network
low complexity
totolink CWE-78
critical
9.8
2023-12-22 CVE-2023-51035 OS Command Injection vulnerability in Totolink Ex1200L Firmware 9.3.5U.6146B20201023
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
network
low complexity
totolink CWE-78
critical
9.8
2023-12-22 CVE-2023-51028 OS Command Injection vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
9.8