Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-03-30 CVE-2019-10658 OS Command Injection vulnerability in Grandstream Gwn7610 Firmware
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
network
low complexity
grandstream CWE-78
8.8
2019-03-30 CVE-2019-10657 OS Command Injection vulnerability in Grandstream Gwn7000 Firmware and Gwn7610 Firmware
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
network
low complexity
grandstream CWE-78
6.5
2019-03-30 CVE-2019-10656 OS Command Injection vulnerability in Grandstream Gwn7000 Firmware
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
network
low complexity
grandstream CWE-78
8.8
2019-03-30 CVE-2019-10655 OS Command Injection vulnerability in Grandstream products
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication.
network
low complexity
grandstream CWE-78
critical
9.8
2019-03-28 CVE-2019-1745 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges.
local
low complexity
cisco CWE-78
7.8
2019-03-26 CVE-2019-10061 OS Command Injection vulnerability in Node-Opencv Project Node-Opencv
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection.
network
low complexity
node-opencv-project CWE-78
critical
9.8
2019-03-21 CVE-2018-3969 OS Command Injection vulnerability in Getcujo Smart Firewall 7003
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall.
local
low complexity
getcujo CWE-78
7.8
2019-03-21 CVE-2019-7385 OS Command Injection vulnerability in Raisecom products
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware.
local
low complexity
raisecom CWE-78
7.8
2019-03-21 CVE-2019-7384 OS Command Injection vulnerability in Raisecom products
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below.
local
low complexity
raisecom CWE-78
7.8
2019-03-21 CVE-2019-7383 OS Command Injection vulnerability in Systrome products
An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin.
local
low complexity
systrome CWE-78
7.8