Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-09 | CVE-2018-0625 | OS Command Injection vulnerability in NEC Aterm Wg1200Hp Firmware 1.0.31/1.0.8: Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the formSysCmd parameter. | 7.2 |
2019-01-02 | CVE-2018-20114 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware and Dir-860L Firmware: On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. | 9.8 |
2018-12-31 | CVE-2018-6342 | OS Command Injection vulnerability in Facebook React-Dev-Utils: react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. | 9.8 |
2018-12-31 | CVE-2018-18600 | OS Command Injection vulnerability in Guardzilla 180 Indoor Firmware and 180 Outdoor Firmware: The remote upgrade feature in Guardzilla GZ180 devices allows command injection via a crafted new firmware version parameter. | 8.1 |
2018-12-28 | CVE-2018-15007 | OS Command Injection vulnerability in Skydevices SKY Elite 6.0L+ Firmware Sky/X6069Trxl601Sky/X6069Trxl601Sky:6.0/Mra58K/1482897127:User/Releasekeys: The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. | 7.8 |
2018-12-28 | CVE-2018-14998 | OS Command Injection vulnerability in Leagoo P1 Firmware: The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. | 6.8 |
2018-12-20 | CVE-2018-19239 | OS Command Injection vulnerability in Trendnet Tew-673Gru Firmware 1.00B40: TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. | 7.2 |
2018-12-20 | CVE-2018-15722 | OS Command Injection vulnerability in Logitech Harmony HUB Firmware: The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. | 8.1 |
2018-12-20 | CVE-2018-1000885 | OS Command Injection vulnerability in Phkp Project Phkp: PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() at phkp.php:98 that can make it possible to manipulate gpg-keys or execute commands remotely. | 9.8 |
2018-12-17 | CVE-2018-18555 | OS Command Injection vulnerability in Vyos 1.1.8: A sandbox escape issue was discovered in VyOS 1.1.8. | 9.9 |