Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-30 | CVE-2024-24331 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | 9.8 |
| 2024-01-30 | CVE-2024-24332 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | 9.8 |
| 2024-01-30 | CVE-2024-24333 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. | 9.8 |
| 2024-01-30 | CVE-2023-5372 | OS Command Injection vulnerability in Zyxel Nas326 Firmware and Nas542 Firmware The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface. | 7.2 |
| 2024-01-29 | CVE-2023-49038 | OS Command Injection vulnerability in Buffalo Ls210D Firmware 1.780.03 Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root. | 7.2 |
| 2024-01-29 | CVE-2024-0986 | OS Command Injection vulnerability in Issabel PBX 4.0.0 A vulnerability was found in Issabel PBX 4.0.0. | 9.8 |
| 2024-01-26 | CVE-2024-0921 | OS Command Injection vulnerability in Dlink Dir-816 A2 Firmware 1.10Cnb04 A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. | 9.8 |
| 2024-01-26 | CVE-2024-0918 | OS Command Injection vulnerability in Trendnet Tew-800Mb Firmware 1.0.1.0 A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. | 7.2 |
| 2024-01-26 | CVE-2023-38317 | OS Command Injection vulnerability in Opennds An issue was discovered in OpenNDS before 10.1.3. | 9.8 |
| 2024-01-26 | CVE-2023-38318 | OS Command Injection vulnerability in Opennds An issue was discovered in OpenNDS before 10.1.3. | 9.8 |