Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK

2018-10-29 CVE-2018-18728 OS Command Injection vulnerability in Tenda Ac15 Firmware, Ac18 Firmware and AC9 Firmware
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tenda CWE-78
critical
9.8

2018-10-24 CVE-2018-18638 OS Command Injection vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.
network
high complexity
neatorobotics CWE-78
8.1

2018-10-24 CVE-2018-15442 OS Command Injection vulnerability in Cisco Webex Meetings Desktop and Webex Productivity Tools
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.
local
low complexity
cisco CWE-78
7.8

2018-10-19 CVE-2018-12670 OS Command Injection vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection.
network
low complexity
sv3c CWE-78
critical
9.8

2018-10-17 CVE-2018-16232 OS Command Injection vulnerability in Ipfire
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi.
network
low complexity
ipfire CWE-78
8.8

2018-10-17 CVE-2018-10823 OS Command Injection vulnerability in Dlink products
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices.
network
low complexity
dlink CWE-78
8.8

2018-10-17 CVE-2018-3955 OS Command Injection vulnerability in Linksys E1200 Firmware and E2500 Firmware
An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04).
network
low complexity
linksys CWE-78
7.2

2018-10-17 CVE-2018-3954 OS Command Injection vulnerability in Linksys E1200 Firmware and E2500 Firmware
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter.
network
low complexity
linksys CWE-78
7.2

2018-10-17 CVE-2018-3953 OS Command Injection vulnerability in Linksys E1200 Firmware and E2500 Firmware
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM.
network
low complexity
linksys CWE-78
7.2

2018-10-16 CVE-2018-14772 OS Command Injection vulnerability in Pydio
Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.
network
low complexity
pydio CWE-78
7.2