Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-0637 OS Command Injection vulnerability in NEC Aterm Hc100Rc Firmware 1.0.1
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
network
low complexity
nec CWE-78
7.2
7.2
2019-01-09 CVE-2018-0636 OS Command Injection vulnerability in NEC Aterm Hc100Rc Firmware 1.0.1
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
network
low complexity
nec CWE-78
7.2
7.2
2019-01-09 CVE-2018-0635 OS Command Injection vulnerability in NEC Aterm Hc100Rc Firmware 1.0.1
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.
network
low complexity
nec CWE-78
7.2
7.2
2019-01-09 CVE-2018-0634 OS Command Injection vulnerability in NEC Aterm Hc100Rc Firmware 1.0.1
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.
network
low complexity
nec CWE-78
7.2
7.2
2019-01-09 CVE-2018-0631 OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
network
low complexity
nec CWE-78
7.2
7.2
2019-01-09 CVE-2018-0630 OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.
network
low complexity
nec CWE-78
7.2
7.2
2019-01-09 CVE-2018-0629 OS Command Injection vulnerability in NEC Aterm W300P Firmware 1.0.12/1.0.13/1.0.3
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
network
low complexity
nec CWE-78
7.2
7.2
2019-01-09 CVE-2018-0628 OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
network
low complexity
nec CWE-78
7.2
7.2
2019-01-09 CVE-2018-0627 OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
network
low complexity
nec CWE-78
7.2
7.2
2019-01-09 CVE-2018-0626 OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.
network
low complexity
nec CWE-78
7.2
7.2